Cisco Multiple Critical Vulnerabilities Alert

On November 18, 2020, Cisco officially issued risk notices for multiple serious vulnerabilities, the vulnerabilities numbered CVE-2020-27130, CVE-2020-3531, CVE-2020-3586, and CVE-2020-3470. There are a total of 4 serious vulnerabilities in this notice. Attackers can use these vulnerabilities to obtain arbitrary files, execute arbitrary commands, and control the behavior of related devices.
Cisco VPN

Vulnerability Detail

CVE-2020-27130: Cisco Security Manager Path Traversal Vulnerability

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

CVE-2020-3531: Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.

The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.

CVE-2020-3586: Cisco DNA Spaces Connector Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application.

CVE-2020-3470: Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.

The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

Affected version

  • Cisco dna_space_connector : <2.3
  • Cisco imc : UCS S-Series/UCS C-Series/UCS E-Series/5000 Series ENCS/
  • Cisco iot_field_network_director : <4.6.1
  • Cisco security_manager : <=4.21

Solution

In this regard, we recommend that users upgrade Cisco related components to the latest version in time.