NVD Vulnerability Detail

CVE-2021-1585

Summary	A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.
Publication Date	July 9, 2021, 4:15 a.m.
Registration Date	July 9, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 2:44 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cisco:adaptive_security_device_manager::::::::					7.18.1.152

Related information, measures and tools

No	URL	タグ
1	https://github.com/jbaines-r7/staystaystay	Exploit Third Party Advisory
2	https://github.com/jbaines-r7/staystaystay	Exploit Third Party Advisory
3	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW	Vendor Advisory
4	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW	Vendor Advisory
5	https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/	Exploit Third Party Advisory
6	https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

JVN Vulnerability Information

Cisco Adaptive Security Device Manager Launcher におけるコードインジェクションの脆弱性

Title	Cisco Adaptive Security Device Manager Launcher におけるコードインジェクションの脆弱性
Summary	Cisco Adaptive Security Device Manager (ASDM) Launcher には、コードインジェクションの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 7, 2021, midnight
Registration Date	April 6, 2022, 3 p.m.
Last Update	April 6, 2022, 3 p.m.

Affected System

シスコシステムズ

Cisco Adaptive Security Device Manager

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-1585	https://www.cve.org/CVERecord?id=CVE-2021-1585
National Vulnerability Database (NVD)
2	CVE-2021-1585	https://nvd.nist.gov/vuln/detail/CVE-2021-1585

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-asdm-rce-gqjShXW	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW

Change Log

No	Changed Details	Date of change
1	[2022年04月06日] 掲載	April 6, 2022, 3 p.m.