Remote Code Execution Discovered in Cisco Security Manager

Cisco Security Management

Multiple security advisories related to critical flaws in the Cisco Security Manager product have been released. These revelations come a week after patches for platform version 4.22 were released.

A security researcher, Florian Hauser of Code White, disclosed proofs-of-concept for 12 vulnerabilities that affected the CSM web interface. These vulnerabilities make it possible for an unauthenticated attacker to remotely execute code on the device.

The impact

This is dangerous as the attacker can exploit the vulnerabilities on unpatched devices and can execute commands remotely without the need for credentials of a legitimate user.

Successful exploitation allows an attacker to craft malicious requests, upload and download arbitrary files as the highest privileged user on the system giving the adversary access to all files in a specific directory.

The remediation

It is extremely important for those who haven’t patched to do so immediately. The patch can be found here.

In addition to this, another flaw related to an insecure Java deserialization function used by CSM is yet to be addressed by Cisco. It is therefore recommended, to patch as soon as the next version is available.

Source: The Hacker News

Risk Crew