CVE-2021-1585
Summary
| CVE | CVE-2021-1585 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-07-08 19:15:00 UTC |
|---|
| Updated | 2023-12-15 17:14:00 UTC |
|---|
| Description | A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| GitHub - jbaines-r7/staystaystay: Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE |
MISC |
github.com |
|
| Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability |
CISCO |
tools.cisco.com |
|
| Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER | Rapid7 Blog |
MISC |
www.rapid7.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730132 Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability(cisco-sa-asdm-rce-gqjShXW)
