VDB
CVE-2022-20651
CVE-2022-20651
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.
EPSS 0.02% · 6.8th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
6.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | adaptive_security_device_manager | 7.15.1 |
| Cisco | Cisco Adaptive Security Device Manager (ASDM) | n/a |
Exploit Intelligence
Timeline
- Jun 22, 2022 CVE Published
- Jun 23, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 1, 2023 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 28, 2023 EPSS Score
References
- 20220112 Cisco Adaptive Security Device Manager Information Disclosure Vulnerability vendor-advisory
- https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-20651 advisory
- https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software url