Cisco Security Manager Path Traversal Vulnerability

Advisory No: TZCERT/SA/2020/11/18

Date of First Release: 18th November 2020

Source: CISCO

Software Affected: Cisco Security Manager releases 4.21 and earlier.

Overview:

The vulnerability exists in the Cisco Security Manager device and can allow an unauthenticated, remote attacker to gain access to sensitive information.

Description:

The vulnerability is caused by improper validation of directory traversal sequences on an affected device. An unauthenticated, remote attacker can exploit this vulnerability by sending a specially crafted URI that contains directory traversal characters, which can disclose the contents of files located outside the server's restricted path.

Impact:

Successful exploitation of the vulnerability could allow an adversary to gain access to sensitive information.

Solution:

Cisco has not issued any workaround that addresses this vulnerability; however, Cisco has released software updates for the product. Users and administrators are advised to apply the Cisco updates.
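
Requests of the kind described under Description can be looked for in web access logs by decoding each URI and checking for parent-directory segments. The script below is an added example, not part of the Cisco or TZCERT advisory; the combined log format, the sample log lines, and the paths in them are constructed assumptions and are not Cisco Security Manager endpoints.

```python
import re

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')

from urllib.parse import unquote


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(uri):
    """True if the decoded URI has a '..' segment in its path or a parameter value."""
    # Split on path separators (both slash styles) and query/parameter delimiters.
    segments = re.split(r"[/\\?=&;#]", fully_decode(uri))
    return ".." in segments


def scan(log_text):
    """Return (client_ip, status, uri) for every request with a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_traversal(match.group(2)):
            status = line[match.end():].split()[0]
            hits.append((line.split()[0], status, match.group(2)))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [18/Nov/2020:10:01:02 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Nov/2020:10:01:05 +0000] "GET /app/download?file=../../../etc/hosts HTTP/1.1" 200 220',
    '198.51.100.7 - - [18/Nov/2020:10:01:06 +0000] "GET /app/%2e%2e/%2e%2e/conf/settings.xml HTTP/1.1" 404 0',
    '198.51.100.7 - - [18/Nov/2020:10:01:07 +0000] "GET /app/view?path=..%255c..%255cwindows%255cwin.ini HTTP/1.1" 200 92',
    '192.0.2.10 - - [18/Nov/2020:10:01:09 +0000] "GET /app/report..v2.pdf HTTP/1.1" 200 1024',
])

if __name__ == "__main__":
    for ip, status, uri in scan(SAMPLE_LOG):
        # A 2xx status on a flagged request deserves the first look.
        print(ip, status, uri)
```

Flagged requests that returned a 2xx status are the ones to review first, since they may indicate a file was actually disclosed. The check does not cover overlong UTF-8 encodings of the separator characters.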

References:

  1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR
