Lucene search

CiscoCISCO-SA-ASAFTD-SNMPACCESS-M6YOWEQ3

HistoryOct 27, 2021 - 4:00 p.m.

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability

2021-10-2716:00:00

tools.cisco.com

0.001 Low

EPSS

Percentile

45.8%

JSON

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data.

This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmpaccess-M6yOweq3 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmpaccess-M6yOweq3”]

This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74773”].

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch9.14

ciscoadaptive_security_appliance_softwareMatch9.15

ciscofirepower_2100Matchany

ciscofirepower_1000Matchany

ciscoasa_5500-xMatchany

ciscoindustrial_security_appliances_3000Matchany

ciscofirepower_9000Matchany

ciscofirepower_4100Matchany

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatch6.6

ciscofirepower_threat_defense_softwareMatch6.7

ciscofirepower_2100Matchany

ciscofirepower_1000Matchany

ciscoasa_5500-xMatchany

ciscoindustrial_security_appliances_3000Matchany

ciscofirepower_9000Matchany

ciscofirepower_4100Matchany

ciscofirepower_threat_defense_virtualMatchany

ciscoadaptive_security_appliance_softwareMatch9.14.1.10

ciscoadaptive_security_appliance_softwareMatch9.14.1.19

ciscoadaptive_security_appliance_softwareMatch9.14.1.30

ciscoadaptive_security_appliance_softwareMatch9.14.2

ciscoadaptive_security_appliance_softwareMatch9.15.1

ciscoadaptive_security_appliance_softwareMatch2100 Series

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscoadaptive_security_appliance_softwareMatch9000 Series

ciscoadaptive_security_appliance_softwareMatch4100 Series

ciscoadaptive_security_virtual_applianceMatchany

ciscofirepower_threat_defense_softwareMatch6.6.0.1

ciscofirepower_threat_defense_softwareMatch6.6.1

ciscofirepower_threat_defense_softwareMatch6.7.0

ciscofirepower_threat_defense_softwareMatch2100 Series

ciscofirepower_threat_defense_softwareMatch1000 Series

ciscofirepower_threat_defense_softwareMatch5500-X Series Firewalls

ciscofirepower_threat_defense_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscofirepower_threat_defense_softwareMatch9000 Series

ciscofirepower_threat_defense_softwareMatch4100 Series

ciscofirepower_threat_defense_virtualMatchany

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch2100 Series

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscoadaptive_security_appliance_softwareMatch9000 Series

ciscoadaptive_security_appliance_softwareMatch4100 Series

ciscoadaptive_security_appliance_softwareMatch9.14.1.19 when installed on Cisco Adaptive Security Virtual Appliance (ASAv)

ciscoadaptive_security_appliance_softwareMatch2100 Series

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscoadaptive_security_appliance_softwareMatch9000 Series

ciscoadaptive_security_appliance_softwareMatch4100 Series

ciscoadaptive_security_appliance_softwareMatch9.14.1.30 when installed on Cisco Adaptive Security Virtual Appliance (ASAv)

ciscoadaptive_security_appliance_softwareMatch2100 Series

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscoadaptive_security_appliance_softwareMatch9000 Series

ciscoadaptive_security_appliance_softwareMatch4100 Series

ciscoadaptive_security_appliance_softwareMatch9.14.2 when installed on Cisco Adaptive Security Virtual Appliance (ASAv)

ciscoadaptive_security_appliance_softwareMatch2100 Series

ciscoadaptive_security_appliance_softwareMatch1000 Series

ciscoasaMatch5500-X Series Firewalls

ciscoadaptive_security_appliance_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscoadaptive_security_appliance_softwareMatch9000 Series

ciscoadaptive_security_appliance_softwareMatch4100 Series

ciscoadaptive_security_appliance_softwareMatch9.15.1 when installed on Cisco Adaptive Security Virtual Appliance (ASAv)

ciscofirepower_threat_defense_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscofirepower_threat_defense_softwareMatch9000 Series

ciscofirepower_threat_defense_softwareMatch4100 Series

ciscofirepower_threat_defense_softwareMatch2100 Series

ciscofirepower_threat_defense_softwareMatch1000 Series

ciscofirepower_threat_defense_softwareMatch5500-X Series Firewalls

ciscofirepower_threat_defense_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscofirepower_threat_defense_softwareMatch9000 Series

ciscofirepower_threat_defense_softwareMatch4100 Series

ciscofirepower_threat_defense_softwareMatch6.6.1 when installed on Cisco Secure Firewall Threat Defense Virtual

ciscofirepower_threat_defense_softwareMatch2100 Series

ciscofirepower_threat_defense_softwareMatch1000 Series

ciscofirepower_threat_defense_softwareMatch5500-X Series Firewalls

ciscofirepower_threat_defense_softwareMatch3000 Series Industrial Security Appliances (ISA)

ciscofirepower_threat_defense_softwareMatch9000 Series

ciscofirepower_threat_defense_softwareMatch4100 Series

ciscofirepower_threat_defense_softwareMatch6.7.0 when installed on Cisco Secure Firewall Threat Defense Virtual

CPENameOperatorVersion
cisco adaptive security appliance (asa) softwareeq9.14
cisco adaptive security appliance (asa) softwareeq9.15
cisco firepower 2100 serieseqany
cisco firepower 1000 serieseqany
cisco asa 5500-x series firewallseqany
cisco 3000 series industrial security appliances (isa)eqany
cisco firepower 9000 serieseqany
cisco firepower 4100 serieseqany
cisco adaptive security virtual appliance (asav)eqany
cisco firepower threat defense softwareeq6.6

Name	Operator	Version
cisco adaptive security appliance (asa) software	eq	9.14
cisco adaptive security appliance (asa) software	eq	9.15
cisco firepower 2100 series	eq	any
cisco firepower 1000 series	eq	any
cisco asa 5500-x series firewalls	eq	any
cisco 3000 series industrial security appliances (isa)	eq	any
cisco firepower 9000 series	eq	any
cisco firepower 4100 series	eq	any
cisco adaptive security virtual appliance (asav)	eq	any
cisco firepower threat defense software	eq	6.6