Rewterz Threat Advisory – CVE-2020-8277 – Node.js Denial of Service Vulnerability
November 17, 2020Rewterz Threat Advisory – IBM Sterling File Gateway Information Disclosure
November 17, 2020Rewterz Threat Advisory – CVE-2020-8277 – Node.js Denial of Service Vulnerability
November 17, 2020Rewterz Threat Advisory – IBM Sterling File Gateway Information Disclosure
November 17, 2020Severity
High
Analysis Summary
CVE-2020-27130
The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.
CVE-2020-27125
The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.
CVE-2020-27131
These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host.
Impact
Remote code execution
Affected Vendors
Cisco
Affected Products
Cisco Security Manager releases 4.21 and earlier
Remediation
Refer to Cisco advisory for the complete list of affected products and their respective patches.
https://tools.cisco.com/security/center/publicationListing.x