high
7.5
CWE
94
Advisory Published

cisco-sa-asdm-rce-gqjShXW: Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability

First published: Wed Jul 07 2021(Updated: )

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW

Credit: security researcher Malcolm Lashley for reporting these vulnerabilities.

Affected SoftwareAffected VersionHow to fix
Cisco Adaptive Security Device Manager (ASDM)>=7.17 and earlier<=7.18<7.18.1.152
7.18.1.152

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW?

    The severity of Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW is critical due to the potential for unauthenticated remote code execution.

  • How do I fix Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW?

    To fix Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW, update the Cisco Adaptive Security Device Manager (ASDM) to version 7.18.1.153 or later.

  • Who is affected by Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW?

    Users of Cisco Adaptive Security Device Manager (ASDM) versions 7.17 and earlier as well as ASDM version 7.18 up to but not including 7.18.1.153 are affected by Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW.

  • What can an attacker do in relation to Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW?

    An attacker could exploit the vulnerability in Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW to execute arbitrary code on the victim's operating system.

  • What product is impacted by Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW?

    The product impacted by Cisco Security Advisory cisco-sa-asdm-rce-gqjShXW is the Cisco Adaptive Security Device Manager (ASDM).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203