CVE-2021-40117
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Affected (26)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.8.4.40 | |
| From 9.13.0 to 9.14.3.9 | |
| Before 6.2.3.17 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5512 X | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5505 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5515 X | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5525 X | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5545 X | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5555 X | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5580 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 009.009(002.085) |
| Running on/with | Platform Versions |
|---|---|
Cisco Asa 5585 X | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.