{"id":41563,"date":"2020-11-17T10:49:24","date_gmt":"2020-11-17T10:49:24","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=ed891017aad72e140e6ec65d84a2ab15"},"modified":"2020-11-17T10:49:24","modified_gmt":"2020-11-17T10:49:24","slug":"cisco-patch-notes-left-out-details-of-rce-flaws","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/cisco-patch-notes-left-out-details-of-rce-flaws\/","title":{"rendered":"Cisco patch notes \u2018left out\u2019 details of RCE flaws"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/keumars-afifi-sabet-0\">Keumars Afifi-Sabet<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">17 Nov, 2020<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>The recently patched Cisco Security Manager (CSM) platform did not initially include details of 12 severe security vulnerabilities that could, if exploited,\u00a0lead to remote code execution (RCE).<\/p>\n<p>Although these 12 flaws in CSM, an enterprise-class management console that offers insight into the control of Cisco security and network devices, were recently fixed, its developers failed to mention these at all, according to\u00a0<a href=\"https:\/\/gist.github.com\/Frycos\/8bf5c125d720b3504b4f28a1126e509e\" >security researcher Florian Hauser<\/a>.\u00a0<\/p>\n<p>Hauser claims to have reported these 12 bugs to the networking giant in July this year and was under the impression they were due to be fixed when CSM was updated to version 4.22 earlier this 
month.<\/p>\n<p>The researcher claims, however, that despite\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/27713\/the-importance-and-benefits-of-effective-patch-management\" >patching the vulnerabilities<\/a>\u00a0last week, the company didn\u2019t mention them at all in the release notes for CSM and did not issue security advisories for businesses that may be affected.<\/p>\n<p>As a result, Hauser has\u00a0<a href=\"https:\/\/gist.github.com\/Frycos\/8bf5c125d720b3504b4f28a1126e509e\">published the proof-of-concept for all 12 flaws<\/a>\u00a0that he submitted via GitHub, including a host of RCE exploits that cyber criminals could use if targeting an unpatched system.\u00a0<\/p>\n<p>\u201c120 days ago, I disclosed 12 vulnerabilities to Cisco affecting the web interface of Cisco Security Manager. All unauthenticated, almost all directly giving RCE,\u201d Hauser posted on Twitter on 11 November, following this up overnight with: \u201cSince Cisco PSIRT became unresponsive and the published release 4.22 still doesn&#8217;t mention any of the vulnerabilities, here are 12 PoCs in 1 gist.\u201d<\/p>\n<p>The CSM 4.22 release notes outlined several improvements to security and functionality, including support for AnyConnect Web Security WSO. The company has subsequently released advisories for three vulnerabilities that were reported in July, crediting Florian Hauser for discovery.<\/p>\n<p>The first, a path traversal vulnerability tagged\u00a0<a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-csm-path-trav-NgeRnqgR\">CVE-2020-27130<\/a>\u00a0and assigned a CVSS score of 9.1, could allow an unauthenticated remote attacker to gain access to sensitive information upon successful exploitation. 
This is due to improper validation of traversal character sequences within requests to affected devices.<\/p>\n<p>The second, a Java deserialisation flaw tagged\u00a0<a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-csm-java-rce-mWJEedcD\">CVE-2020-27131<\/a>\u00a0and assigned a severity score of 8.1, could also allow a remote attacker to execute arbitrary commands on an affected device. The final flaw, a static credential vulnerability tagged\u00a0<a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-csm-rce-8gjUz9fW\">CVE-2020-27125<\/a>\u00a0and assigned a severity score of 7.4, could also allow a remote attacker to access sensitive information on a targeted system.<\/p>\n<p><em>IT Pro\u00a0<\/em>approached Cisco to clarify why it had first failed to mention these flaws in the patch notes for CSM version 4.22. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Keumars Afifi-Sabet<\/p>\n<p>        17 Nov, 2020    <\/p>\n<p>      The recently patched Cisco Security Manager (CSM) platform did not initially include details of 12 severe security vulnerabilities that could, if exploited,\u00a0lead to remote code execution 
&#8230;<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41563","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41563"}],"version-history":[{"count":2,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41563\/revisions"}],"predecessor-version":[{"id":41567,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41563\/revisions\/41567"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}