Lucene search

K
cve[email protected]CVE-2021-34787
HistoryOct 27, 2021 - 7:15 p.m.

CVE-2021-34787

2021-10-2719:15:08
CWE-755
CWE-183
web.nvd.nist.gov
27
cve-2021-34787
cisco
asa software
ftd software
vulnerability
idfw
firewall
security
bypass
acl

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.9%

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.

Affected configurations

NVD
Node
ciscoadaptive_security_applianceRange<9.8.4.40
OR
ciscofirepower_threat_defenseRange<6.4.0.13
OR
ciscofirepower_threat_defenseRange6.5.06.6.5
OR
ciscofirepower_threat_defenseRange6.7.06.7.0.3
OR
ciscofirepower_threat_defenseRange7.0.07.0.1
OR
ciscoadaptive_security_appliance_softwareRange9.9.09.12.4.25
OR
ciscoadaptive_security_appliance_softwareRange9.13.09.14.3.1
OR
ciscoadaptive_security_appliance_softwareRange9.15.09.15.1.17
OR
ciscoadaptive_security_appliance_softwareRange9.16.09.16.1.28
Node
ciscoasa_5512-x_firmwareMatch009.009
OR
ciscoasa_5512-x_firmwareMatch009.012
AND
ciscoasa_5512-xMatch-
Node
ciscoasa_5505_firmwareMatch009.009
OR
ciscoasa_5505_firmwareMatch009.012
AND
ciscoasa_5505Match-
Node
ciscoasa_5515-x_firmwareMatch009.009
OR
ciscoasa_5515-x_firmwareMatch009.012
AND
ciscoasa_5515-xMatch-
Node
ciscoasa_5525-x_firmwareMatch009.009
OR
ciscoasa_5525-x_firmwareMatch009.012
AND
ciscoasa_5525-xMatch-
Node
ciscoasa_5545-x_firmwareMatch009.009
OR
ciscoasa_5545-x_firmwareMatch009.012
AND
ciscoasa_5545-xMatch-
Node
ciscoasa_5555-x_firmwareMatch009.009
OR
ciscoasa_5555-x_firmwareMatch009.012
AND
ciscoasa_5555-xMatch-
Node
ciscoasa_5580_firmwareMatch009.009
OR
ciscoasa_5580_firmwareMatch009.012
AND
ciscoasa_5580Match-
Node
ciscoasa_5585-x_firmwareMatch009.009
OR
ciscoasa_5585-x_firmwareMatch009.012
AND
ciscoasa_5585-xMatch-

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.9%

Related for CVE-2021-34787