PT-2022-1420 · Cisco · Cisco Adaptive Security Device Manager
Jake Baines
·
Published
2022-01-12
·
Updated
2022-08-19
·
CVE-2022-20651
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Device Manager (ASDM) (affected versions not specified)
Description
The issue is related to insufficient protection of registration data in the logging component of Cisco Adaptive Security Device Manager (ASDM). This could allow an authenticated, local attacker to view sensitive information in clear text on an affected system, specifically when Cisco ADSM is deployed in a shared workstation environment. The vulnerability is due to the storage of unencrypted credentials in certain logs, which an attacker could exploit by accessing the logs on an affected system, potentially allowing them to view the credentials of other users of the shared device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Adaptive Security Device Manager