QID 317201

Date Published: 2022-06-29

QID 317201: Cisco Adaptive Security Device Manager (ASDM) and Adaptive Security Appliance (ASA) Software Client-side Arbitrary Code Execution Vulnerability (cisco-sa-asa-asdm-sig-NPKvwDjm)

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software.
QID category kept in practice as not supported to Cisco ASDM-IDM

Affected Products
  • The device was running a Cisco ASA Software release earlier than Release 9.18.2.
  • The device was configured with a Cisco ASDM release earlier than Release 7.18.1.150.
  • The Cisco ASDM image was using a Cisco ASDM-IDM Launcher release earlier than Release 1.9(4).
  • The device was configured for HTTPS management access.

QID Detection Logic (Unauthenticated):
The QID sends a GET request to /admin/public/index.html and fetches the ASDM version information from the Cisco ASA device. The check also matches the Cisco ASA OS version retrieved via Unix Auth using the "version" command.

A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine.

  • CVSS V3 rated as Critical - 9.1 severity.
  • CVSS V2 rated as High - 6.4 severity.

Solution
Customers are advised to refer to cisco-sa-asa-asdm-sig-NPKvwDjm for more information.

CVEs related to QID 317201

Software Advisories
Advisory ID                      Software Component   Link
cisco-sa-asa-asdm-sig-NPKvwDjm                        tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm