HIGH✓ PATCH🇬🇧 English

CVE-2020-27125

CVSS 7.4v3.1pub. 2020-11-17upd. 2024-11-21

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Cisco Security Manager

    APP
    Cisco
    ≤ 4.21
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2020-27130CRITICAL9.1ten sam produkt

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to se...

CVE-2019-12630CRITICAL9.8ten sam produkt

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthentic...

CVE-2020-27131HIGH8.1ten sam produkt

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could all...

CVE-2010-3036HIGH10.0ten sam produkt

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Com...

CVE-2009-1161HIGH10.0ten sam produkt

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through...