Details of VAR-202104-0900

ID

VAR-202104-0900

CVE

CVE-2021-1445

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources

Trust: 1.62

sources: NVD: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374499 // VULMON: CVE-2021-1445

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.2.8	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.34	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.85	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.21	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0

sources: NVD: CVE-2021-1445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1445
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1445
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-2075
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374499
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1445
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1445
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374499
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1445
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1445
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445 // NVD: CVE-2021-1445

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-374499 // NVD: CVE-2021-1445

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2075

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco Adaptive Security Appliances Software Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149016	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-vpn-dos-fpBcpEcD	Trust: 0.1

sources: VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-2075

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1445	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-2075	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042831	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1468	Trust: 0.6
db:	VULHUB	id:	VHN-374499	Trust: 0.1
db:	VULMON	id:	CVE-2021-1445	Trust: 0.1

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-vpn-dos-fpbcpecd	Trust: 1.9
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-vpn-35189	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1445	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042831	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1468	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374499 // VULMON: CVE-2021-1445 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2075 // NVD: CVE-2021-1445

SOURCES

db:	VULHUB	id:	VHN-374499
db:	VULMON	id:	CVE-2021-1445
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-2075
db:	NVD	id:	CVE-2021-1445

LAST UPDATE DATE

2024-08-14T12:57:30.970000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374499	date:	2021-05-05T00:00:00
db:	VULMON	id:	CVE-2021-1445	date:	2021-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-2075	date:	2021-05-07T00:00:00
db:	NVD	id:	CVE-2021-1445	date:	2023-11-07T03:28:19.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374499	date:	2021-04-29T00:00:00
db:	VULMON	id:	CVE-2021-1445	date:	2021-04-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-2075	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-1445	date:	2021-04-29T18:15:08.967