CVE-2020-27131
Published 2020-11-17
CVE-2020-27131: Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute…
Priority: P184 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 87.72% (99.7th percentile)
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_security_manager | — | — |
| cisco | security_manager | <= 4.22 | — |
| cisco | security_manager_java_deserialization | — | — |
Detection & IOCs (extracted from sources)
- Detect malicious serialized Java objects sent to a specific listener on Cisco Security Manager; exploitation results in command execution as NT AUTHORITY\SYSTEM on the Windows host.
- Monitor for inbound requests to Cisco Security Manager containing serialized Java object payloads (e.g., crafted with ysoserial/ysoserial.net); these are unauthenticated pre-auth exploitation attempts.
- Track Cisco Bug IDs CSCvu99974 and CSCvv79824 for patch status and vendor-side detection guidance related to CVE-2020-27131.
- No workarounds or mitigations exist for CVE-2020-27131; Cisco confirmed no workarounds address these vulnerabilities.
- Public PoC code for all 12 vulnerabilities (including CVE-2020-27131) was released by researcher Florian Hauser on November 16, 2020, raising active exploitation risk.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 8.1 | HIGH | — |
Cisco
Cisco Security Manager Java Deserialization Vulnerabilities
vendor_cisco · 2020-11-16 · CVSS 8.1 · [HIGH] · CWE-20
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabil
Cisco
Cisco Security Manager Java Deserialization Vulnerabilities
vendor_cisco · CVSS 3.1
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CWE-20, CWE-
GHSA
GHSA-jwxx-hpqc-j7wm: Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker t
ghsa_unreviewed · 2022-05-24 · [CRITICAL] · CWE-502
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.
No detection rules found.
No public exploits indexed.
Tenable
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
blogs_tenable · 2020-11-17 · CVSS 7.4 · [HIGH]
arXiv
An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
arxiv_fulltext · 2022-08-17
Authors:
- Imen Sayar, University of Toulouse, Blagnac, France, 31070 (part of this research was conducted when Imen Sayar was at the University of Luxembourg)
- Alexandre Bartel, Umeå University, MIT-Huset, Umeå, Sweden (part of this research was conducted when Alexandre Bartel was at the University of Luxembourg and the University of Copenhagen)
- Eric Bodden, Paderborn University, Paderborn, Germany
- Yves Le Traon, University of Luxembourg, 6, rue Richard Coudenhove-Kalergi, Kirchberg Campus, Luxembourg, L-1359
## Abstract
Nowadays, an increasing number of applications uses deserializatio