8.6

CVE-2021-34783

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

Data is provided by the National Vulnerability Database (NVD)
CiscoFirepower Threat Defense Version >= 6.4.0 < 6.4.0.13
CiscoFirepower Threat Defense Version >= 6.6.0 < 6.6.5
CiscoFirepower Threat Defense Version >= 6.7.0 < 6.7.0.3
CiscoFirepower Threat Defense Version >= 7.0.0 < 7.0.1
CiscoAdaptive Security Appliance Software Version >= 9.8.0 < 9.8.4.40
CiscoAdaptive Security Appliance Software Version >= 9.12.0 < 9.12.4.29
CiscoAdaptive Security Appliance Software Version >= 9.14.0 < 9.14.3.9
CiscoAdaptive Security Appliance Software Version >= 9.15.0 < 9.15.1.17
CiscoAdaptive Security Appliance Software Version >= 9.16.0 < 9.16.2
CiscoAsa 5512-x Firmware Version009.016(001)
   CiscoAsa 5512-x Version-
CiscoAsa 5512-x Firmware Version009.016(001.025)
   CiscoAsa 5512-x Version-
CiscoAsa 5505 Firmware Version009.016(001)
   CiscoAsa 5505 Version-
CiscoAsa 5505 Firmware Version009.016(001.025)
   CiscoAsa 5505 Version-
CiscoAsa 5515-x Firmware Version009.016(001)
   CiscoAsa 5515-x Version-
CiscoAsa 5515-x Firmware Version009.016(001.025)
   CiscoAsa 5515-x Version-
CiscoAsa 5525-x Firmware Version009.016(001)
   CiscoAsa 5525-x Version-
CiscoAsa 5525-x Firmware Version009.016(001.025)
   CiscoAsa 5525-x Version-
CiscoAsa 5545-x Firmware Version009.016(001)
   CiscoAsa 5545-x Version-
CiscoAsa 5545-x Firmware Version009.016(001.025)
   CiscoAsa 5545-x Version-
CiscoAsa 5555-x Firmware Version009.016(001)
   CiscoAsa 5555-x Version-
CiscoAsa 5555-x Firmware Version009.016(001.025)
   CiscoAsa 5555-x Version-
CiscoAsa 5580 Firmware Version009.016(001)
   CiscoAsa 5580 Version-
CiscoAsa 5580 Firmware Version009.016(001.025)
   CiscoAsa 5580 Version-
CiscoAsa 5585-x Firmware Version009.016(001)
   CiscoAsa 5585-x Version-
CiscoAsa 5585-x Firmware Version009.016(001.025)
   CiscoAsa 5585-x Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.77% 0.726
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.