8.6

CVE-2021-1501

A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device.

Data is provided by the National Vulnerability Database (NVD)
CiscoFirepower Threat Defense Version >= 6.2.2 < 6.4.0.12
CiscoFirepower Threat Defense Version >= 6.5.0 < 6.6.4
CiscoFirepower Threat Defense Version >= 6.7.0 < 6.7.0.2
CiscoAdaptive Security Appliance Software Version >= 9.8 < 9.8.4.34
CiscoAdaptive Security Appliance Software Version >= 9.9 < 9.9.2.85
CiscoAdaptive Security Appliance Software Version >= 9.10 < 9.12.4.18
CiscoAdaptive Security Appliance Software Version >= 9.13 < 9.13.1.21
CiscoAdaptive Security Appliance Software Version >= 9.14 < 9.14.2.13
CiscoAdaptive Security Appliance Software Version >= 9.15 < 9.15.1.15
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.77% 0.711
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."