← Back

CVE-2021-34787

nvd nist
Published: Oct 27, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.

Affected (25)

Cisco
11 products
Adaptive Security Appliance
Adaptive Security Appliance Software
Firepower Threat Defense
Asa 5512 X Firmware
Asa 5505 Firmware
Asa 5515 X Firmware
Asa 5525 X Firmware
Asa 5545 X Firmware
Asa 5555 X Firmware
Asa 5580 Firmware
Asa 5585 X Firmware
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Adaptive Security Appliance
Before 9.8.4.40
Cisco
Adaptive Security Appliance Software
From 9.13.0 to 9.14.3.1
Adaptive Security Appliance Software
From 9.15.0 to 9.15.1.17
Adaptive Security Appliance Software
From 9.16.0 to 9.16.1.28
Adaptive Security Appliance Software
From 9.9.0 to 9.12.4.25
Cisco
Firepower Threat Defense
Before 6.4.0.13
Firepower Threat Defense
From 6.5.0 to 6.6.5
Firepower Threat Defense
From 6.7.0 to 6.7.0.3
Firepower Threat Defense
From 7.0.0 to 7.0.1
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5512 X Firmware
Version 009.009
Asa 5512 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5512 X
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5505 Firmware
Version 009.009
Asa 5505 Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5505
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5515 X Firmware
Version 009.009
Asa 5515 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5515 X
All versions
Configuration E
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5525 X Firmware
Version 009.009
Asa 5525 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5525 X
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5545 X Firmware
Version 009.009
Asa 5545 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5545 X
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5555 X Firmware
Version 009.009
Asa 5555 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5555 X
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5580 Firmware
Version 009.009
Asa 5580 Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5580
All versions
Configuration I
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Asa 5585 X Firmware
Version 009.009
Asa 5585 X Firmware
Version 009.012
Running on/withPlatform Versions
Cisco
Asa 5585 X
All versions

Related CWEs

CWE-183
Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.