5.3
CVE-2021-34787
- EPSS 1.15%
- Published 27.10.2021 19:15:08
- Last modified 21.11.2024 06:11:12
- Source psirt@cisco.com
A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Adaptive Security Appliance Version < 9.8.4.40
Cisco ≫ Firepower Threat Defense Version < 6.4.0.13
Cisco ≫ Firepower Threat Defense Version >= 6.5.0 < 6.6.5
Cisco ≫ Firepower Threat Defense Version >= 6.7.0 < 6.7.0.3
Cisco ≫ Firepower Threat Defense Version >= 7.0.0 < 7.0.1
Cisco ≫ Adaptive Security Appliance Software Version >= 9.9.0 < 9.12.4.25
Cisco ≫ Adaptive Security Appliance Software Version >= 9.13.0 < 9.14.3.1
Cisco ≫ Adaptive Security Appliance Software Version >= 9.15.0 < 9.15.1.17
Cisco ≫ Adaptive Security Appliance Software Version >= 9.16.0 < 9.16.1.28
Cisco ≫ Asa 5512-x Firmware Version 009.009
Cisco ≫ Asa 5512-x Firmware Version 009.012
Cisco ≫ Asa 5505 Firmware Version 009.009
Cisco ≫ Asa 5505 Firmware Version 009.012
Cisco ≫ Asa 5515-x Firmware Version 009.009
Cisco ≫ Asa 5515-x Firmware Version 009.012
Cisco ≫ Asa 5525-x Firmware Version 009.009
Cisco ≫ Asa 5525-x Firmware Version 009.012
Cisco ≫ Asa 5545-x Firmware Version 009.009
Cisco ≫ Asa 5545-x Firmware Version 009.012
Cisco ≫ Asa 5555-x Firmware Version 009.009
Cisco ≫ Asa 5555-x Firmware Version 009.012
Cisco ≫ Asa 5580 Firmware Version 009.009
Cisco ≫ Asa 5580 Firmware Version 009.012
Cisco ≫ Asa 5585-x Firmware Version 009.009
Cisco ≫ Asa 5585-x Firmware Version 009.012
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.15% | 0.777 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
psirt@cisco.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
CWE-183 Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.