What is CVE-2020-27130?

CVE-2020-27130 is a critical-severity vulnerability in Cisco Security Manager, classified under Path Traversal: '.../...//'. CVSS score: 9.1/10. Published 2020-11-17.

How severe is CVE-2020-27130?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2020-27130 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Cisco Security Manager

CVE-2020-27130

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests t…

EPSS: 0.141 (94.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Security Manager — versions n/a

Weakness classification (CWE)

CWE-35 — Path Traversal: '.../...//'

Public proof-of-concept exploits

References

20201116 Cisco Security Manager Path Traversal Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-27130?: CVE-2020-27130 is a critical-severity vulnerability in Cisco Security Manager, classified under Path Traversal: '.../...//'. CVSS score: 9.1/10. Published 2020-11-17.
How severe is CVE-2020-27130?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2020-27130 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.