Threat Encyclopedia

Cisco.Security.Manager.SecretService.Insecure.Deserialization

Description

This indicates an attack attempt to exploit an Input Validation Error Vulnerability in Cisco Systems Cisco Security Manager (CSM).
The vulnerability is due to insufficient validation of requests to SecretService.jsp. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution as root.

Affected Products

Cisco Systems Cisco Security Manager (CSM) 4.22 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD

CVE References

CVE-2020-27131