Lucene search

[email protected]CVE-2021-34787

HistoryOct 27, 2021 - 7:15 p.m.

CVE-2021-34787

2021-10-2719:15:08

CWE-755

CWE-183

[email protected]

web.nvd.nist.gov

cve-2021-34787

cisco

asa software

ftd software

vulnerability

idfw

firewall

security

bypass

acl

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.

Affected configurations

NVD

Node

ciscoadaptive_security_applianceRange<9.8.4.40

ciscofirepower_threat_defenseRange<6.4.0.13

ciscofirepower_threat_defenseRange6.5.0–6.6.5

ciscofirepower_threat_defenseRange6.7.0–6.7.0.3

ciscofirepower_threat_defenseRange7.0.0–7.0.1

ciscoadaptive_security_appliance_softwareRange9.9.0–9.12.4.25

ciscoadaptive_security_appliance_softwareRange9.13.0–9.14.3.1

ciscoadaptive_security_appliance_softwareRange9.15.0–9.15.1.17

ciscoadaptive_security_appliance_softwareRange9.16.0–9.16.1.28

Node

ciscoasa_5512-x_firmwareMatch009.009

ciscoasa_5512-x_firmwareMatch009.012

AND

ciscoasa_5512-xMatch-

Node

ciscoasa_5505_firmwareMatch009.009

ciscoasa_5505_firmwareMatch009.012

AND

ciscoasa_5505Match-

Node

ciscoasa_5515-x_firmwareMatch009.009

ciscoasa_5515-x_firmwareMatch009.012

AND

ciscoasa_5515-xMatch-

Node

ciscoasa_5525-x_firmwareMatch009.009

ciscoasa_5525-x_firmwareMatch009.012

AND

ciscoasa_5525-xMatch-

Node

ciscoasa_5545-x_firmwareMatch009.009

ciscoasa_5545-x_firmwareMatch009.012

AND

ciscoasa_5545-xMatch-

Node

ciscoasa_5555-x_firmwareMatch009.009

ciscoasa_5555-x_firmwareMatch009.012

AND

ciscoasa_5555-xMatch-

Node

ciscoasa_5580_firmwareMatch009.009

ciscoasa_5580_firmwareMatch009.012

AND

ciscoasa_5580Match-

Node

ciscoasa_5585-x_firmwareMatch009.009

ciscoasa_5585-x_firmwareMatch009.012

AND

ciscoasa_5585-xMatch-

CPENameOperatorVersion
cisco:adaptive_security_appliancecisco adaptive security appliancelt9.8.4.40
cisco:firepower_threat_defensecisco firepower threat defenselt6.4.0.13
cisco:firepower_threat_defensecisco firepower threat defenselt6.6.5
cisco:firepower_threat_defensecisco firepower threat defenselt6.7.0.3
cisco:firepower_threat_defensecisco firepower threat defenselt7.0.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.12.4.25
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.14.3.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.15.1.17
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwarelt9.16.1.28

CPE	Name	Operator	Version
cisco:adaptive_security_appliance	cisco adaptive security appliance	lt	9.8.4.40
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.4.0.13
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.6.5
cisco:firepower_threat_defense	cisco firepower threat defense	lt	6.7.0.3
cisco:firepower_threat_defense	cisco firepower threat defense	lt	7.0.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.12.4.25
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.14.3.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.15.1.17
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	lt	9.16.1.28

CNA Affected

[
  {
    "product": "Cisco Adaptive Security Appliance (ASA) Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-ejjOgQEY

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2021-34787

nessus2 prion1 cvelist1 nvd1 cisco1