CRITICAL✓ PATCH🇬🇧 English

CVE-2020-27130

CVSS 9.1v3.1pub. 2020-11-17upd. 2024-11-21

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Cisco Security Manager

    APP
    Cisco
    ≤ 4.21
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2019-12630CRITICAL9.8ten sam produkt

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthentic...

CVE-2020-27131HIGH8.1ten sam produkt

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could all...

CVE-2020-27125HIGH7.4ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive ...

CVE-2010-3036HIGH10.0ten sam produkt

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Com...

CVE-2009-1161HIGH10.0ten sam produkt

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through...