Security News > 2021 > August > Cisco: Firewall manager RCE bug is a zero-day, patch incoming
In a Thursday security advisory update, Cisco revealed that a remote code execution vulnerability in the Adaptive Security Device Manager Launcher disclosed last month is a zero-day bug that has yet to receive a security update.
Cisco ADSM is a firewall appliance manager that provides a web interface for managing Cisco Adaptive Security Appliance firewalls and AnyConnect Secure Mobility clients.
"At the time of publication, Cisco planned to fix this vulnerability in Cisco ASDM," the company says in the updated advisory.
While Cisco PSIRT said that proof-of-concept exploit code was available publicly when the bug was disclosed, it also added that there was no evidence of in the wild abuse.
Cisco revealed the zero-day in November 2020 without security updates addressing the underlying weakness, but it did provide mitigation measures to decrease the attack surface.
Last month, attackers immediately pounced on a Cisco ASA bug, immediately after Positive Technologies' Offensive Team published a PoC exploit.
News URL
Related news
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)