First published: Wed Jan 12 2022(Updated: )
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422
Credit: This vulnerability was found during the resolution a Cisco TAC support case
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Adaptive Security Device Manager | =7.15 and later<7.17.1.155 | 7.17.1.155 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco ASDM vulnerability is cisco-sa-asdm-logging-jnLOY422.
The title of this vulnerability is Cisco Adaptive Security Device Manager Information Disclosure Vulnerability.
The severity rating of cisco-sa-asdm-logging-jnLOY422 is medium (5.5).
An authenticated, local attacker can exploit this vulnerability by viewing sensitive information in clear text on an affected system.
To fix this vulnerability, Cisco ASDM must be updated to version 7.17.1.155 or later.