A Cisco vulnerability in the Adaptive Security Device Manager (ADSM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update. The vulnerability is caused by improper signature verification for code exchanged between the ASDM and the Launcher. An unauthenticated attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the AsDM and then inject arbitrary code. The company says that its Product Security Incident Response Response Team (PSIRT) is not yet aware of proof-of-concept exploits for this vulnerability.
Source: https://www.bleepingcomputer.com/news/security/cisco-firewall-manager-rce-bug-is-a-zero-day-patch-incoming/