Critical vulnerabilities in Cisco Security Manager allow arbitrary code execution; update now

Cisco's security teams released multiple security updates to correct newly detected authentication flaws in Cisco Security Manager, the exploitation of which would allow threat actors to execute malicious code on affected systems.

Security Manager is used to manage security policies on a wide variety of network devices and works with a wide range of Cisco products, including Cisco Catalyst switches, firewall service modules, and routers.


In a statement, the Cisco Product Security Incident Response Team (PSIRT) notes: “We are aware of public announcements about these vulnerabilities. Flaws affect Cisco Security Manager 4.22 and earlier versions and were revealed on November 16”.

Cybersecurity specialist Florian Hauser found these 12 flaws and revealed proof-of-concept exploits after he reported the finding to the company and received no response. For their part, the company’s representatives claim not to be aware of any active exploitation cases: “Cisco is not aware of the abuse of the flaws described in the security alert,” the company’s message states.

The company also announced fixes for 2 of the reported flaws (CVE-2020-27125 and CVE-2020-27130), although no details were provided on the security patches for the remaining 10 vulnerabilities. Hauser mentions that he detected flaws in the Java deserialization feature of Security Manager, noting that they most likely exist because that process is carried out unsafely on the affected software.

Successful exploitation could allow unauthenticated attackers to execute arbitrary commands remotely on vulnerable devices, Hauser added: “A threat actor could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system.”
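To make the bug class concrete from the defender's side, the following added example (not code from Cisco or from Hauser's research) contrasts the pattern Hauser describes, a listener that hands attacker-controlled bytes straight to `ObjectInputStream.readObject()`, with the same read guarded by a JEP 290 `ObjectInputFilter` allow-list, so that a serialized object of any class the service does not expect is rejected before it is instantiated. The `StatusMessage` class and the sample inputs are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

public class DeserializationFilterDemo {
    // Hypothetical message type a listener legitimately expects to receive.
    public static final class StatusMessage implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        StatusMessage(String text) { this.text = text; }
    }

    // Vulnerable pattern: whichever class the incoming bytes name is instantiated,
    // and its readObject logic runs, before the caller can inspect the result.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    // Hardened pattern (Java 9+): the filter is consulted for every class resolved during
    // deserialization; "!*" rejects everything not explicitly listed, before instantiation.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
                "DeserializationFilterDemo$StatusMessage;java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(allowList);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new StatusMessage("ok"));          // constructed sample input
        byte[] unlisted = serialize(new HashMap<String, String>());     // stands in for any class not on the allow-list
        System.out.println("filtered, expected type:   " + ((StatusMessage) readFiltered(expected)).text);
        System.out.println("unfiltered, unlisted type: " + readUnfiltered(unlisted).getClass().getName());
        try { readFiltered(unlisted); }
        catch (InvalidClassException e) { System.out.println("filtered, unlisted type rejected: " + e.getMessage()); }
    }
}
```

The unfiltered read accepts the `HashMap`, which shows that the receiving code never got a say in what class was built; the filtered read throws `InvalidClassException` for it while still accepting the expected message.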

Cisco fixed the flaws in Security Manager version 4.22 Service Pack 1. Administrators should deploy the security update as soon as possible, as no workarounds that resolve these security errors are available.