A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software.

This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the malicious user to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine.

Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM.

Cisco has released and will release software updates that address this vulnerability.
Vulnerable Product |
---|
cisco isa_3000_firmware |
cisco asa_5585-x_firmware |
cisco asa_5512-x_firmware |
cisco asa_5515-x_firmware |
cisco adaptive_security_device_manager |
Bugs potentially useful for rogue insiders, admin account hijackers
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacture...