8.6

CVE-2021-34792

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoFirepower Threat Defense Version >= 6.4.0 < 6.4.0.13
CiscoFirepower Threat Defense Version >= 6.6.0 < 6.6.5
CiscoFirepower Threat Defense Version >= 6.7.0 < 6.7.0.3
CiscoFirepower Threat Defense Version >= 7.0.0 < 7.0.1
CiscoAdaptive Security Appliance Software Version >= 9.8.0 < 9.8.4.40
CiscoAdaptive Security Appliance Software Version >= 9.12.0 < 9.12.4.29
CiscoAdaptive Security Appliance Software Version >= 9.14.0 < 9.14.3.9
CiscoAdaptive Security Appliance Software Version >= 9.15.0 < 9.15.1.17
CiscoAdaptive Security Appliance Software Version >= 9.16.0 < 9.16.2.3
CiscoAsa 5512-x Firmware Version009.014(001.150)
   CiscoAsa 5512-x Version-
CiscoAsa 5512-x Firmware Version099.017(001.211)
   CiscoAsa 5512-x Version-
CiscoAsa 5512-x Firmware Version099.017(001.220)
   CiscoAsa 5512-x Version-
CiscoAsa 5512-x Firmware Version099.017(015.050)
   CiscoAsa 5512-x Version-
CiscoAsa 5505 Firmware Version009.014(001.150)
   CiscoAsa 5505 Version-
CiscoAsa 5505 Firmware Version099.017(001.211)
   CiscoAsa 5505 Version-
CiscoAsa 5505 Firmware Version099.017(001.220)
   CiscoAsa 5505 Version-
CiscoAsa 5505 Firmware Version099.017(015.050)
   CiscoAsa 5505 Version-
CiscoAsa 5515-x Firmware Version009.014(001.150)
   CiscoAsa 5515-x Version-
CiscoAsa 5515-x Firmware Version099.017(001.211)
   CiscoAsa 5515-x Version-
CiscoAsa 5515-x Firmware Version099.017(001.220)
   CiscoAsa 5515-x Version-
CiscoAsa 5515-x Firmware Version099.017(015.050)
   CiscoAsa 5515-x Version-
CiscoAsa 5525-x Firmware Version009.014(001.150)
   CiscoAsa 5525-x Version-
CiscoAsa 5525-x Firmware Version099.017(001.211)
   CiscoAsa 5525-x Version-
CiscoAsa 5525-x Firmware Version099.017(001.220)
   CiscoAsa 5525-x Version-
CiscoAsa 5525-x Firmware Version099.017(015.050)
   CiscoAsa 5525-x Version-
CiscoAsa 5545-x Firmware Version009.014(001.150)
   CiscoAsa 5545-x Version-
CiscoAsa 5545-x Firmware Version099.017(001.211)
   CiscoAsa 5545-x Version-
CiscoAsa 5545-x Firmware Version099.017(001.220)
   CiscoAsa 5545-x Version-
CiscoAsa 5545-x Firmware Version099.017(015.050)
   CiscoAsa 5545-x Version-
CiscoAsa 5555-x Firmware Version009.014(001.150)
   CiscoAsa 5555-x Version-
CiscoAsa 5555-x Firmware Version099.017(001.211)
   CiscoAsa 5555-x Version-
CiscoAsa 5555-x Firmware Version099.017(001.220)
   CiscoAsa 5555-x Version-
CiscoAsa 5555-x Firmware Version099.017(015.050)
   CiscoAsa 5555-x Version-
CiscoAsa 5580 Firmware Version009.014(001.150)
   CiscoAsa 5580 Version-
CiscoAsa 5580 Firmware Version099.017(001.211)
   CiscoAsa 5580 Version-
CiscoAsa 5580 Firmware Version099.017(001.220)
   CiscoAsa 5580 Version-
CiscoAsa 5580 Firmware Version099.017(015.050)
   CiscoAsa 5580 Version-
CiscoAsa 5585-x Firmware Version009.014(001.150)
   CiscoAsa 5585-x Version-
CiscoAsa 5585-x Firmware Version099.017(001.211)
   CiscoAsa 5585-x Version-
CiscoAsa 5585-x Firmware Version099.017(001.220)
   CiscoAsa 5585-x Version-
CiscoAsa 5585-x Firmware Version099.017(015.050)
   CiscoAsa 5585-x Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.39% 0.687
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-Unk689XY
Vendor Advisory