|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Cisco Adaptive Security Appliance (ASA)
Hardware solutions / Security hardware applicances
Cisco Adaptive Security Device Manager (ASDM)
Client/Desktop applications / Software for system administration
|Vendor||Cisco Systems, Inc|
This security bulletin contains one medium risk vulnerability.
Exploit availability: YesDescription
The vulnerability allows a remote user compromise the affected system.
The vulnerability exists due to insufficient verification of Cisco Adaptive Security Device Manager (ASDM) images deployed to Cisco Adaptive Security Appliance (ASA) Software. A remote privileged user can upload a malicious ASDM image to a device that is running Cisco ASA Software and compromise the system.
Install updates from vendor's website.Vulnerable software versions
Cisco Adaptive Security Appliance (ASA): 9.0 - 9.18.1
Cisco Adaptive Security Device Manager (ASDM): 7.15.1 - 7.18
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.