cvelist/2020/27xxx/CVE-2020-27125.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-11-16T23:00:00",
        "ID": "CVE-2020-27125",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Security Manager Static Credential Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Security Manager ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20201116 Cisco Security Manager Static Credential Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-csm-rce-8gjUz9fW",
        "defect": [
            [
                "CSCvu99938"
            ]
        ],
        "discovery": "INTERNAL"
    }
}