Express Computer
Home  »  News  »  Cisco patches critical bug in its Security Manager

Cisco patches critical bug in its Security Manager

0 39
Read Article

Networking giant Cisco has disclosed a critical security vulnerability in Cisco Security Manager that could allow an unauthenticated, remote attacker to gain access to sensitive information.

The company said it has released software updates that address this vulnerability and there are no workarounds that address this vulnerability.

“An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device,” the company warned in its latest security update.

“The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device”.

This vulnerability affects Cisco Security Manager release 4.21 and earlier.

Cisco said a total of three security vulnerabilities have been fixed in version 4.22 of Cisco Security Manager which was released last week.

The company published the advisory after Florian Hauser of security firm Code White, who reported the bugs to Cisco, published proof of concept (PoC) exploits for 12 vulnerabilities affecting Cisco Security Manager, reports ZDNet.

Another bug in Cisco Security Manager releases 4.21 and earlier, tracked as CVE-2020-27125, could allow attackers to view insufficiently protected static credentials on the affected software.


If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]


Get real time updates directly on you device, subscribe now.

Subscribe to our newsletter
Sign up here to get the latest news, updates delivered directly to your inbox.
You can unsubscribe at any time

Leave A Reply

Your email address will not be published.

Know how to Improve Citizen Services in the "New Normal"
Register Now
Strengthen Your Business Continuity
Register Now