Rewterz Annual Threat Intelligence Report 2025 - Download Now

Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2020-8277 – Node.js Denial of Service Vulnerability
November 17, 2020
Rewterz
Rewterz Threat Advisory – IBM Sterling File Gateway Information Disclosure
November 17, 2020

Rewterz Threat Advisory – Multiple RCE Flaws in Cisco Security Manager

Severity

High

Analysis Summary

CVE-2020-27130

The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.


CVE-2020-27125

The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

CVE-2020-27131

These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host.

Impact

Remote code execution

Affected Vendors

Cisco

Affected Products

Cisco Security Manager releases 4.21 and earlier

Remediation

Refer to Cisco advisory for the complete list of affected products and their respective patches.

https://tools.cisco.com/security/center/publicationListing.x