CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27131

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.844

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 10.0

References

Products affected by CVE-2020-27131

Cisco » Security Manager » Version: N/A

cpe:2.3:a:cisco:security_manager:-
Cisco » Security Manager » Version: 3.0.2

cpe:2.3:a:cisco:security_manager:3.0.2
Cisco » Security Manager » Version: 3.1

cpe:2.3:a:cisco:security_manager:3.1
Cisco » Security Manager » Version: 3.1.1

cpe:2.3:a:cisco:security_manager:3.1.1
Cisco » Security Manager » Version: 3.2

cpe:2.3:a:cisco:security_manager:3.2
Cisco » Security Manager » Version: 3.2.1

cpe:2.3:a:cisco:security_manager:3.2.1
Cisco » Security Manager » Version: 3.2.2

cpe:2.3:a:cisco:security_manager:3.2.2
Cisco » Security Manager » Version: 3.3

cpe:2.3:a:cisco:security_manager:3.3
Cisco » Security Manager » Version: 3.3.1

cpe:2.3:a:cisco:security_manager:3.3.1
Cisco » Security Manager » Version: 4.0

cpe:2.3:a:cisco:security_manager:4.0
Cisco » Security Manager » Version: 4.0.1

cpe:2.3:a:cisco:security_manager:4.0.1
Cisco » Security Manager » Version: 4.1

cpe:2.3:a:cisco:security_manager:4.1
Cisco » Security Manager » Version: 4.10

cpe:2.3:a:cisco:security_manager:4.10
Cisco » Security Manager » Version: 4.11

cpe:2.3:a:cisco:security_manager:4.11
Cisco » Security Manager » Version: 4.12

cpe:2.3:a:cisco:security_manager:4.12
Cisco » Security Manager » Version: 4.13

cpe:2.3:a:cisco:security_manager:4.13
Cisco » Security Manager » Version: 4.14

cpe:2.3:a:cisco:security_manager:4.14
Cisco » Security Manager » Version: 4.15

cpe:2.3:a:cisco:security_manager:4.15
Cisco » Security Manager » Version: 4.16

cpe:2.3:a:cisco:security_manager:4.16
Cisco » Security Manager » Version: 4.17

cpe:2.3:a:cisco:security_manager:4.17
Cisco » Security Manager » Version: 4.18

cpe:2.3:a:cisco:security_manager:4.18
Cisco » Security Manager » Version: 4.19

cpe:2.3:a:cisco:security_manager:4.19
Cisco » Security Manager » Version: 4.2

cpe:2.3:a:cisco:security_manager:4.2
Cisco » Security Manager » Version: 4.20

cpe:2.3:a:cisco:security_manager:4.20
Cisco » Security Manager » Version: 4.21

cpe:2.3:a:cisco:security_manager:4.21
Cisco » Security Manager » Version: 4.22

cpe:2.3:a:cisco:security_manager:4.22
Cisco » Security Manager » Version: 4.3

cpe:2.3:a:cisco:security_manager:4.3
Cisco » Security Manager » Version: 4.4

cpe:2.3:a:cisco:security_manager:4.4
Cisco » Security Manager » Version: 4.5

cpe:2.3:a:cisco:security_manager:4.5
Cisco » Security Manager » Version: 4.6

cpe:2.3:a:cisco:security_manager:4.6
Cisco » Security Manager » Version: 4.7(0)

cpe:2.3:a:cisco:security_manager:4.7(0)
Cisco » Security Manager » Version: 4.8

cpe:2.3:a:cisco:security_manager:4.8
Cisco » Security Manager » Version: 4.9

cpe:2.3:a:cisco:security_manager:4.9
Cisco » Security Manager » Version: 4.9(0)qa99

cpe:2.3:a:cisco:security_manager:4.9(0)qa99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27131

Products

Pricing

Contact Us