CVE-2020-27130

CWE-357 documents6 sources
Severity
9.1CRITICAL
EPSS
14.1%
top 5.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Security ManagerCisco Cisco Security Manager
Timeline
PublishedNov 17
Latest updateMay 24

Description

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5f89-cfxh-c74m: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information2022-05-24
CVEList
Cisco Security Manager Path Traversal Vulnerability2020-11-17

🔍Detection Rules

2
Suricata
ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130)2022-02-04
Suricata
ET EXPLOIT Cisco Security Manager Path Traversal - athena (CVE-2020-27130)2022-02-04

📋Vendor Advisories

1
Cisco
Cisco Security Manager Path Traversal Vulnerability2020-11-16
CVE-2020-27130 (CRITICAL CVSS 9.1) | A vulnerability in Cisco Security M | cvebase.io