CVE-2020-27130

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

Published: Nov 17, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-27130
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / security_manager	-	4.21.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR

Vulnerability Database

289,784

CVE-2020-27130