From 21fbbde81d155a9526fdbd4497bd9c64db2ef0fc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 17 Nov 2020 05:01:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27130.json | 4 ++-- 2020/27xxx/CVE-2020-27131.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/2020/27xxx/CVE-2020-27130.json b/2020/27xxx/CVE-2020-27130.json index 8dd50c51b22..0762e198e81 100644 --- a/2020/27xxx/CVE-2020-27130.json +++ b/2020/27xxx/CVE-2020-27130.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.\r The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.\r " + "value": "A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27131.json b/2020/27xxx/CVE-2020-27131.json index c92b8baf547..803f3570b1a 100644 --- a/2020/27xxx/CVE-2020-27131.json +++ b/2020/27xxx/CVE-2020-27131.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.\r These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\\SYSTEM on the Windows target host.\r Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file