New Delhi, Nov 17 (SocialNews.XYZ) Networking giant Cisco has disclosed a critical security vulnerability in Cisco Security Manager that could allow an unauthenticated, remote attacker to gain access to sensitive information.
The company said it has released software updates that address this vulnerability and there are no workarounds that address this vulnerability.
"An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device," the company warned in its latest security update.
"The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device".
This vulnerability affects Cisco Security Manager release 4.21 and earlier.
Cisco said a total of three security vulnerabilities have been fixed in version 4.22 of Cisco Security Manager which was released last week.
The company published the advisory after Florian Hauser of security firm Code White, who reported the bugs to Cisco, published proof of concept (PoC) exploits for 12 vulnerabilities affecting Cisco Security Manager, reports ZDNet.
Another bug in Cisco Security Manager releases 4.21 and earlier, tracked as CVE-2020-27125, could allow attackers to view insufficiently protected static credentials on the affected software.
Source: IANS
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.
He enjoys designing websites, developing mobile applications and publishing news articles on current events from various authenticated news sources.
When it comes to writing he likes to write about current world politics and Indian Movies. His future plans include developing SocialNews.XYZ into a News website that has no bias or judgment towards any.
He can be reached at gopi@socialnews.xyz
This website uses cookies.