Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

Cisco has announced the availability of Cisco Security Manager Release 4.22 to address three previously undisclosed vulnerabilities affecting the Cisco Security Manager software used to manage Cisco security devices. These vulnerabilities, if exploited, would allow threat actors to read static credentials, steal sensitive information, and execute commands on vulnerable devices. These vulnerabilities were publicly disclosed on November 16th, and are tracked as CVE-2020-27125, CVE-2020-27130, and CVE-2020-27131.

Security updates to address CVE-2020-27125 and CVE-2020-27130 were released by Cisco on November 10th and should be highly prioritized to be updated as part of a patch management program. Security patches to address CVE-2020-27131 have not been released at the time of writing.

On November 17th, 2020, Proof-of-Concept (PoC) exploit code was made publicly available by the researcher who reported these vulnerabilities [1]. Exploitation in the wild has not been identified at this time but is expected in the immediate future due to the release of PoC code.

What we’re doing about it

MVS has plugins in place to identify CVE-2020-27125 and CVE-2020-27130
MVS will automatically add the relevant checks once they are made available
eSentire security teams continue to track this topic for additional details and detection opportunities

What you should do about it

Ensure the Cisco Security Manager is not exposed to the internet
Update to Cisco Security Manager Release 4.22
- Workarounds are not available for any of the mentioned vulnerabilities, raising the importance applying available security updates as soon as possible
Once made available, update to Cisco Security Manager Release 4.23

Additional information

CVE-2020-27125 allows an unauthenticated and remote threat actor to access sensitive information on vulnerable systems. The vulnerability is due to insufficient protection of static credentials included in the product code. In order to exploit this vulnerability, a threat actor would need to view the product’s source code. CVE-2020-27125 has a criticality rating of 7.4/10.

CVE-2020-27130 is a path traversal vulnerability that would allow a remote and unauthenticated threat actor to exfiltrate sensitive information from vulnerable devices. Exploitation can be achieved by sending a maliciously crafted request to a vulnerable device. The vulnerability is due to a lack of proper validation of directory traversal character sequences and has received a criticality rating of 9.1/10.

CVE-2020-27131 is the title for multiple vulnerabilities found in the Java deserialization function used in the Cisco Security Manager. Based on the description provided by Cisco, these vulnerabilities allow for arbitrary code execution by a remote and unauthenticated threat actor. These vulnerabilities are rated 8.1/10. Security updates to address CVE-2020-27131 are currently unavailable but are scheduled to be included in the Cisco Security Manager Release 4.23.

References:

[1] https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass