CVE-2021-1585Code Injection in Cisco Adaptive Security Device Manager

CWE-94Code Injection5 documents5 sources
Severity
8.1HIGHNVD
CNA7.5
EPSS
53.4%
top 2.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Adaptive Security Device ManagerCisco Adaptive Security Appliance Software
Timeline
PublishedJul 8
Latest updateMay 24

Description

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrar

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3fc6-gf75-vvc3: A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary cod2022-05-24
CVEList
Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability2021-07-08

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability2021-07-07

💬Community

1
Bugzilla
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option2017-03-02
CVE-2021-1585 — Code Injection in Cisco | cvebase