3 matches found
CVE-2021-1585
CVE-2021-1585 concerns Cisco ASA ASDM Launcher. The connected sources confirm a remote, unauthenticated code-execution flaw caused by improper signature verification between the ASDM Launcher and its code, enabling a MITM attacker to inject and execute arbitrary Java on an administrator’s machine...
CVE-2022-20651
CVE-2022-20651 describes an information-disclosure in the Cisco ASDM logging component. An authenticated, local attacker could access logs on a shared workstation and read unencrypted credentials stored there, leaking other users’ credentials. The issue is tied to how ASDM logs store sensitive da...
CVE-2022-20829
CVE-2022-20829 concerns Cisco ASA Software and ASDM packaging: an authenticated admin can upload a crafted ASDM image to a device running ASA, exploiting insufficient validation of ASDM image authenticity to execute arbitrary code on the target. Exploitation path involves the attacker delivering ...