July 8, 2021
Severity
High
Analysis Summary
CVE-2021-1574; CVE-2021-1576
Cisco Business Process Automation (BPA) could allow a remote, authenticated attacker to gain elevated privileges on the system because of improper authorization enforcement for specific features. By sending specially crafted HTTP messages, an authenticated attacker could exploit this vulnerability to elevate privileges to Administrator to perform unauthorized actions or obtain sensitive data from the logs.
Impact
- Unauthorized access
- Privilege escalation
Affected Vendors
Cisco
Affected Products
- Cisco Business Process Automation 3.0
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4