Cisco fixes Security Manager vulnerabilities with public exploits (Security News, December 2020)

Cisco has released security updates to address multiple pre-authentication vulnerabilities in Cisco Security Manager that have public exploits and could allow remote code execution.
Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.
These vulnerabilities affect Cisco Security Manager releases 4.22 and earlier. Cisco disclosed them on November 16, after Code White security researcher Florian Hauser reported them in August.
Hauser shared proof-of-concept exploits for all 12 Cisco Security Manager vulnerabilities he reported after Cisco PSIRT stopped responding.
Cisco addressed two of the 12 vulnerabilities but did not provide any security updates for the remaining bugs, which are collectively tracked as CVE-2020-27131.
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS) |
|---|---|---|---|---|
| 2020-11-17 | CVE-2020-27131 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager | Multiple vulnerabilities in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |