ID

VAR-202011-0731


CVE

CVE-2020-27125


TITLE

Cisco Security Manager Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013616

DESCRIPTION

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion prevention security services on Cisco network and security devices.

Trust: 1.71

sources: NVD: CVE-2020-27125 // JVNDB: JVNDB-2020-013616 // VULHUB: VHN-370497

AFFECTED PRODUCTS

vendor: cisco, model: security manager, scope: lte, version: 4.21

Trust: 1.0

vendor: Cisco Systems, model: cisco security manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013616 // NVD: CVE-2020-27125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27125
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27125
value: HIGH

Trust: 1.0

NVD: CVE-2020-27125
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202011-1489
value: CRITICAL

Trust: 0.6

VULHUB: VHN-370497
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27125
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-370497
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27125
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27125
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-27125
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370497 // JVNDB: JVNDB-2020-013616 // CNNVD: CNNVD-202011-1489 // NVD: CVE-2020-27125 // NVD: CVE-2020-27125

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-370497 // JVNDB: JVNDB-2020-013616 // NVD: CVE-2020-27125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1489

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1489

PATCH

title: cisco-sa-csm-rce-8gjUz9fW, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW

Trust: 0.8

title: Cisco Security Manager Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135491

Trust: 0.6

sources: JVNDB: JVNDB-2020-013616 // CNNVD: CNNVD-202011-1489

EXTERNAL IDS

db: NVD, id: CVE-2020-27125

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013616

Trust: 0.8

db: AUSCERT, id: ESB-2020.4075

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1489

Trust: 0.6

db: VULHUB, id: VHN-370497

Trust: 0.1

sources: VULHUB: VHN-370497 // JVNDB: JVNDB-2020-013616 // CNNVD: CNNVD-202011-1489 // NVD: CVE-2020-27125

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-csm-rce-8gjuz9fw

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27125

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4075/

Trust: 0.6

sources: VULHUB: VHN-370497 // JVNDB: JVNDB-2020-013616 // CNNVD: CNNVD-202011-1489 // NVD: CVE-2020-27125

SOURCES

db: VULHUB, id: VHN-370497
db: JVNDB, id: JVNDB-2020-013616
db: CNNVD, id: CNNVD-202011-1489
db: NVD, id: CVE-2020-27125

LAST UPDATE DATE

2024-11-23T21:58:57.844000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370497, date: 2020-11-30T00:00:00
db: JVNDB, id: JVNDB-2020-013616, date: 2021-07-08T08:28:00
db: CNNVD, id: CNNVD-202011-1489, date: 2020-12-02T00:00:00
db: NVD, id: CVE-2020-27125, date: 2024-11-21T05:20:45.610

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370497, date: 2020-11-17T00:00:00
db: JVNDB, id: JVNDB-2020-013616, date: 2021-07-08T00:00:00
db: CNNVD, id: CNNVD-202011-1489, date: 2020-11-16T00:00:00
db: NVD, id: CVE-2020-27125, date: 2020-11-17T03:15:12.577