CVE-2021-1585

Published: 08/07/2021 Updated: 15/12/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote malicious user to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the malicious user to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the malicious user to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.

Affected Products

Cisco Adaptive Security Device Manager (ASDM)

Vendor Advisories

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulne ...

Github Repositories

A tool for extracting, modifying, and crafting ASDM binary packages (CVE-2022-20829)

The Way: The Way is a tool for unpacking, repacking, and creating malicious Cisco Adaptive Security Device Manager (ASDM) packages. ASDM is the Java-based administrative GUI for Adaptive Security Appliance (ASA) systems (e.g. firewalls and VPNs). The ASDM package is hosted on the ASA and sub-components are downloaded each time an administrator connects to the ASA via ASDM. An at

Cisco ASA Software and ASDM Security Research

Cisco ASA Research: This repository contains slides and code presented at Black Hat USA 2022 and DEF CON 30. The following can be found: Slides (DEF CON 30 and Black Hat slide decks; the DEF CON deck is slightly longer due to a longer time slot); theway, a tool for creating malicious/distributable ASDM packages for the Cisco ASA (CVE-2022-20829); whatsup, a tool for creating

Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE

staystaystay: staystaystay is a proof of concept exploit for CVE-2021-1585, a man-in-the-middle or evil endpoint RCE issue affecting Cisco ASA Device Manager (ASDM). The issue was originally discovered by Malcolm Lashley and disclosed in the summer of 2021. However, at the time I was looking at this, it was unpatched in the latest version (ASDM 7.17(1)). I stumbled upon this ind