| ID |
CVE-2021-1585
|
| Sažetak |
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. |
| Reference |
|
| CVSS |
| Base: | 9.3 |
| Impact: | 10.0 |
| Exploitability: | 8.6 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Zadnje važnije ažuriranje |
15-12-2023 - 17:14 |
| Objavljeno |
08-07-2021 - 19:15 |
