CVSS 9.1 – CWE-35

“A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”

On the 16/11/2020 a POC for a range of CISCO device vulnerabilities was released on GitHub by https://twitter.com/frycos.

Recommendations

The recommendation is that organisations with these devices review the applicability and where required patch their systems.
Organisaitons should review their logs for indicators of compromise
Organisations should add indicators to monitoring and alerting (e.g. path traversal execution with http 200 responses)