45 matches found
EUVD-2014-2166
Malware in sbrugna...
EUVD-2022-25901
Malicious code in bioql PyPI...
CVE-2024-20494
A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This...
Cisco ASA ASDM Brute-force Login
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA ASDM Brute-force Login', 'Description' = %q This module scans for the Cisco ASA ASDM landing page and performs login brute-force to...
CVE-2023-5553
CVE-2023-5553 affects Axis OS Secure Boot protection. The AXIS OS tampering-protection bypass is the underlying issue, enabling a sophisticated attack to bypass the device’s tamper protection. Public detail indicates affected AXIS OS ranges include versions 10.8–11.6 (per external summaries), wit...
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA-X with FirePOWER Services Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection...
Cisco ASA-X With FirePOWER Services Authenticated Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual...
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine...
Cisco ASA ASDM Brute-force Login
This module scans for the Cisco ASA ASDM landing page and performs login brute-force to identify valid credentials. Module Options: msf > use auxiliary/scanner/http/cisco_asa_asdm_bruteforce msf auxiliary(cisco_asa_asdm_bruteforce) > show actions ...actions... msf auxiliary(cisco_asa_asdm_bruteforce) > set ACTION ms...
Metasploit Wrap-Up
Advantech iView NetworkServlet Command Injection This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469...
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and “non-security” issues affecting Cisco Adaptive Security Software (ASA), Adaptive Security Device Manager (ASDM), and FirePOWER Services Software for ASA. Rapid7 initially reported the issues to Cisco in separate disclosures in February and March 2022. Rapid7 and...
CVE-2022-20829
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...
CVE-2022-20829
CVE-2022-20829 concerns Cisco ASA Software and ASDM packaging: an authenticated admin can upload a crafted ASDM image to a device running ASA, exploiting insufficient validation of ASDM image authenticity to execute arbitrary code on the target. Exploitation path involves the attacker delivering ...
CVE-2022-20829 Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...
CVE-2022-20651
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited...
CVE-2022-20651 Cisco Adaptive Security Device Manager Information Disclosure Vulnerability
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited...
CVE-2022-20651
CVE-2022-20651 describes an information-disclosure in the Cisco ASDM logging component. An authenticated, local attacker could access logs on a shared workstation and read unencrypted credentials stored there, leaking other users’ credentials. The issue is tied to how ASDM logs store sensitive da...
PT-2022-3078 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Adaptive Security Device Manager (ASDM) (affected versions not specified). Description: A vulnerability in the packaging of Cisco Adaptive Security Device Manager...
Exploit for Code Injection in Cisco Adaptive_Security_Device_Manager
staystaystay staystaystay is a proof of concept exploit for...
Cisco ASDM Information Disclosure (cisco-sa-asdm-logging-jnLOY422)
An information disclosure vulnerability exists in Cisco Adaptive Security Device Manager (ASDM) due to the storage of unencrypted credentials in certain logs. An authenticated, local attacker can exploit this, by accessing the logs on an affected system, to view the credentials of other users of th...