mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
34 lines
2.0 KiB
Markdown
34 lines
2.0 KiB
Markdown
### [CVE-2021-1585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1585)
|
|
%20Software&color=blue)
|
|
|
|
|
|
|
|
### Description
|
|
|
|
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.
|
|
|
|
### POC
|
|
|
|
#### Reference
|
|
- https://github.com/jbaines-r7/staystaystay
|
|
|
|
#### Github
|
|
- https://github.com/ARPSyndicate/cve-scores
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/NaInSec/CVE-PoC-in-GitHub
|
|
- https://github.com/SYRTI/POC_to_review
|
|
- https://github.com/WhooAmii/POC_to_review
|
|
- https://github.com/anquanscan/sec-tools
|
|
- https://github.com/jbaines-r7/cisco_asa_research
|
|
- https://github.com/jbaines-r7/staystaystay
|
|
- https://github.com/jbaines-r7/theway
|
|
- https://github.com/k0mi-tg/CVE-POC
|
|
- https://github.com/manas3c/CVE-POC
|
|
- https://github.com/nomi-sec/PoC-in-GitHub
|
|
- https://github.com/soosmile/POC
|
|
- https://github.com/trhacknon/Pocingit
|
|
- https://github.com/whoforget/CVE-POC
|
|
- https://github.com/youwizard/CVE-POC
|
|
- https://github.com/zecool/cve
|
|
|