ID

VAR-202104-0900


CVE

CVE-2021-1445


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates.

Cisco Adaptive Security Appliances Software (ASA Software) is a firewall and network security platform from the American company Cisco. The platform provides features such as highly secure access to data and network resources

Trust: 1.62

sources: NVD: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374499 // VULMON: CVE-2021-1445

AFFECTED PRODUCTS

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.14

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.13

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.7.0.1

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.14.2.8

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.7.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.12.4.13

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.8.4.34

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: lt | version: 6.6.4

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.10

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.15.1.7

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.9.2.85

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: lt | version: 9.13.1.21

Trust: 1.0

vendor: cisco | model: firepower threat defense | scope: gte | version: 6.5.0

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.15

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.7

Trust: 1.0

vendor: cisco | model: adaptive security appliance software | scope: gte | version: 9.9

Trust: 1.0

sources: NVD: CVE-2021-1445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1445
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1445
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2075
value: HIGH

Trust: 0.6

VULHUB: VHN-374499
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1445
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1445
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1445
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1445
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445 // NVD: CVE-2021-1445

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-374499 // NVD: CVE-2021-1445

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2075

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Cisco Adaptive Security Appliances Software Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149016

Trust: 0.6

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-vpn-dos-fpBcpEcD

Trust: 0.1

sources: VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-2075

EXTERNAL IDS

db: NVD | id: CVE-2021-1445

Trust: 1.8

db: CNNVD | id: CNNVD-202104-2075

Trust: 0.7

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021042831

Trust: 0.6

db: AUSCERT | id: ESB-2021.1468

Trust: 0.6

db: VULHUB | id: VHN-374499

Trust: 0.1

db: VULMON | id: CVE-2021-1445

Trust: 0.1

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-vpn-dos-fpbcpecd

Trust: 1.9

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-vpn-35189

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-1445

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021042831

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.1468

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445

SOURCES

db: VULHUB | id: VHN-374499
db: VULMON | id: CVE-2021-1445
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202104-2075
db: NVD | id: CVE-2021-1445

LAST UPDATE DATE

2024-08-14T12:57:30.970000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-374499 | date: 2021-05-05T00:00:00
db: VULMON | id: CVE-2021-1445 | date: 2021-05-05T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202104-2075 | date: 2021-05-07T00:00:00
db: NVD | id: CVE-2021-1445 | date: 2023-11-07T03:28:19.637

SOURCES RELEASE DATE

db: VULHUB | id: VHN-374499 | date: 2021-04-29T00:00:00
db: VULMON | id: CVE-2021-1445 | date: 2021-04-29T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202104-2075 | date: 2021-04-28T00:00:00
db: NVD | id: CVE-2021-1445 | date: 2021-04-29T18:15:08.967