Cisco Security Manager Path Traversal Vulnerability

Published On: Nov 18, 2020 16:34

Advisory No: TZCERT/SA/2020/11/18

Date of First Release: 18th November 2020

Source: CISCO

Software Affected: Cisco Security Manager releases 4.21 and earlier.

Overview:

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information on an affected device.

Description:

The vulnerability is caused by improper validation of directory traversal sequences on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted URI that contains directory traversal characters, which could disclose the contents of files located outside of the server's restricted path.
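The following is an added illustration, not code from Cisco or from this advisory, of the defect class described above: a request path that is appended to a document root without validating traversal sequences, shown beside a hardened resolver that percent-decodes the path, rejects any `..` segment, and confirms the final filesystem path is still inside the served directory. A small log-triage helper shows how the same check can flag such requests in access logs. The document root, file names and log lines are constructed for the example.

```python
"""Added example (not Cisco's code): confining a URI path to a served directory.

Shows the weak pattern (string concatenation of root and request path)
beside a hardened resolver, plus a helper that flags traversal attempts in
constructed access-log lines. Paths and log content are illustrative only.
"""
import os
from typing import List, Optional
from urllib.parse import unquote


def naive_resolve(root: str, uri_path: str) -> str:
    """Weak pattern: append the request path to the document root as-is.
    '..' segments survive, so the result may point outside `root`."""
    return root + uri_path


def decode_fully(uri_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so double-encoded
    sequences such as %252e%252e%252f are seen as '../' before checking."""
    current = uri_path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def is_traversal_attempt(uri_path: str) -> bool:
    """True if the (fully decoded) path contains a '..' segment, a NUL byte,
    or a backslash, none of which belong in a legitimate request for a file
    under the served directory."""
    decoded = decode_fully(uri_path)
    if "\x00" in decoded or "\\" in decoded:
        return True
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    return ".." in segments


def safe_resolve(root: str, uri_path: str) -> Optional[str]:
    """Hardened resolver.

    Returns the absolute filesystem path for `uri_path` if it stays inside
    `root`, otherwise None. Traversal sequences are rejected outright rather
    than silently collapsed, and a realpath containment check guards against
    symlinks that would otherwise lead outside the root.
    """
    if is_traversal_attempt(uri_path):
        return None
    decoded = decode_fully(uri_path)
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *segments))
    # Containment check: the candidate must be the root itself or below it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Return the request paths from access-log lines (constructed format:
    'client method path status') that look like traversal attempts."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        path = parts[2]
        if is_traversal_attempt(path):
            flagged.append(path)
    return flagged


# Constructed sample log lines for the triage helper.
SAMPLE_LOG = [
    "203.0.113.10 GET /images/logo.png 200",
    "203.0.113.10 GET /../../etc/passwd 200",
    "198.51.100.7 GET /%2e%2e/%2e%2e/etc/hosts 200",
    "198.51.100.7 GET /%252e%252e/%252e%252e/etc/hosts 200",
    "192.0.2.44 GET /docs/readme.txt 200",
]

if __name__ == "__main__":
    root = "/var/www/html"
    print("naive :", naive_resolve(root, "/../../etc/passwd"))
    print("safe  :", safe_resolve(root, "/../../etc/passwd"))
    print("safe  :", safe_resolve(root, "/images/logo.png"))
    print("flagged:", flag_traversal_requests(SAMPLE_LOG))
```

The resolver rejects rather than normalises: a request that had to be repaired is itself a signal worth logging, and refusing it keeps the decision simple to audit. The `realpath` containment check is what catches cases the string check cannot see, such as a symlink inside the root that points elsewhere.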

Impact:

Successful exploitation of the vulnerability could allow an adversary to gain access to sensitive information.

Solution:

Cisco has not issued any workaround that addresses this vulnerability; however, Cisco has released software updates for the product. Users and administrators are advised to apply the Cisco updates.

References:

  1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR
