Cisco patch notes ‘left out’ details of RCE flaws

The company has since released advisories for three flaws a week after first patching its security management platform

Close up Cisco logo on a UCS C240 M4 server in a data centre

The recently patched Cisco Security Manager (CSM) platform did not initially include details of 12 severe security vulnerabilities that could, if exploited, lead to remote code execution (RCE).

Although these 12 flaws in CSM, an enterprise-class management console that offers insight into the control of Cisco security and network devices, were recently fixed, its developers failed to mention these at all, according to security researcher Florian Hauser

Hauser claims to have reported these 12 bugs to the networking giant in July this year and was under the impression they were due to be fixed when CSM was updated to version 4.22 earlier this month.

The researcher claims, however, that despite patching the vulnerabilities last week, the company didn’t mention them at all in the release notes for CSM and did not issue security advisories for businesses that may be potentially affected.

As a result, Hauser has published the proof-of-concept for all 12 flaws that he submitted via GitHub, including a host of RCE exploits that cyber criminals could use if targeting an unpatched system. 

“120 days ago, I disclosed 12 vulnerabilities to Cisco affecting the web interface of Cisco Security Manager. All unauthenticated, almost all directly giving RCE,” Hauser posted on Twitter on 11 November, following this up overnight with: “Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn't mention any of the vulnerabilities, here are 12 PoCs in 1 gist.”

The CSM 4.22 release notes outlined several improvements to security and functionality, including support for AnyConnect Web Security WSO. The company has subsequently released advisories for three vulnerabilities that were reported in July, crediting Florian Hauser for discovery.

The first, a path traversal vulnerability, tagged CVE-2020-27130 and assigned a CVSS score of 9.1, could allow an unauthenticated remote attacker to gain access to sensitive information, upon successful exploitation. This is due to improper validation of traversal character sequences within requests to affected devices.

The second, a Java deserialisation flaw, is tagged CVE-2020-27131 and assigned a severity score of 8.1, could also allow a remote attacker to execute arbitrary commands on an affected device. The final flaw, a static credential vulnerability tagged CVE-2020-27125 and assigned a severity score of 7.4, could also allow a remote attacker to access sensitive information on a targeted system.

“On November 16, Cisco published three security advisories for the reported vulnerabilities in Cisco Security Manager (CSM)," a Cisco spokesperson told IT Pro. "The 12 issues reported are tracked and addressed through four Cisco bug IDs. Cisco has released free software updates that address the vulnerabilities described in the CSM path traversal vulnerability advisory and the CSM static credential vulnerability advisory.

"Cisco will release free software updates as soon as possible that address the vulnerabilities described in the CSM Java deserialization vulnerabilities advisory. We ask our customers to please review the advisories for complete detail. Cisco PSIRT is not aware of malicious use of the vulnerabilities that are described in the advisories.”

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

What are biometrics?
Security

What are biometrics?

27 Nov 2020
Black Friday's best antivirus deals
Security

Black Friday's best antivirus deals

27 Nov 2020
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020
Ransomware protection with Veritas NetBackup Appliances
Security

Ransomware protection with Veritas NetBackup Appliances

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020