A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HCisco Adaptive Security Device Manager
APPCisco< 7.18.1.150Cisco Asa 5512 X
HWCiscowszystkie wersjeCisco Asa 5512 X Firmware
OSCisco< 9.18.2Cisco Asa 5515 X
HWCiscowszystkie wersjeCisco Asa 5515 X Firmware
OSCisco< 9.18.2Cisco Asa 5585 X
HWCiscowszystkie wersjeCisco Asa 5585 X Firmware
OSCisco< 9.18.2Cisco Firepower 1010
HWCiscowszystkie wersjeCisco Firepower 1120
HWCiscowszystkie wersjeCisco Firepower 1140
HWCiscowszystkie wersjeCisco Firepower 1150
HWCiscowszystkie wersjeCisco Firepower 2110
HWCiscowszystkie wersjeCisco Firepower 2120
HWCiscowszystkie wersjeCisco Firepower 2130
HWCiscowszystkie wersjeCisco Firepower 2140
HWCiscowszystkie wersjeCisco Firepower 4110
HWCiscowszystkie wersjeCisco Firepower 4112
HWCiscowszystkie wersjeCisco Firepower 4115
HWCiscowszystkie wersjeCisco Firepower 4120
HWCiscowszystkie wersjeCisco Firepower 4125
HWCiscowszystkie wersjeCisco Firepower 4140
HWCiscowszystkie wersjeCisco Firepower 4145
HWCiscowszystkie wersjeCisco Firepower 9300
HWCiscowszystkie wersjeCisco Isa 3000
HWCiscowszystkie wersjeCisco Isa 3000 Firmware
OSCisco< 9.18.2
Related vulnerabilities
Cisco FTD: statyczne konta z zakodowanymi hasłami umożliwiają nieautoryzowany dostęp
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software cou...
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Fi...
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Fi...