Details of VAR-202110-1376

ID

VAR-202110-1376

CVE

CVE-2021-34793

TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Improper enforcement of integrity of messages in transit over communication channels in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014294

DESCRIPTION

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption

Trust: 1.71

sources: NVD: CVE-2021-34793 // JVNDB: JVNDB-2021-014294 // VULHUB: VHN-395035

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15.0	Trust: 1.0
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.16.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.3.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.16.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.13	Trust: 1.0
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.29	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	9.8.4.40	Trust: 1.0
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13.0	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9.0	Trust: 1.0
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	009.008\(004.025\)	Trust: 1.0
vendor:	シスコシステムズ	model:	asa 5512-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5505	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5525-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5545-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5585-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5515-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5580	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5555-x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014294 // NVD: CVE-2021-34793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34793
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34793
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-34793
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-1922
value:	HIGH
Trust: 0.6
VULHUB:	VHN-395035
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34793
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-395035
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34793
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2021-34793
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395035 // JVNDB: JVNDB-2021-014294 // CNNVD: CNNVD-202110-1922 // NVD: CVE-2021-34793 // NVD: CVE-2021-34793

PROBLEMTYPE DATA

problemtype:	CWE-924	Trust: 1.0
problemtype:	Improper enforcement of message integrity in transit over communication channels (CWE-924) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014294 // NVD: CVE-2021-34793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1922

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1922

PATCH

title:	cisco-sa-asa-ftd-dos-JxYWMJyL	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-JxYWMJyL	Trust: 0.8
title:	Cisco Firepower Threat Defense ( FTD )with Cisco Adaptive Security Appliances Software ( ASA Software ) Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167473	Trust: 0.6

sources: JVNDB: JVNDB-2021-014294 // CNNVD: CNNVD-202110-1922

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34793	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014294	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3582	Trust: 0.6
db:	CS-HELP	id:	SB2021102803	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-1922	Trust: 0.6
db:	VULHUB	id:	VHN-395035	Trust: 0.1

sources: VULHUB: VHN-395035 // JVNDB: JVNDB-2021-014294 // CNNVD: CNNVD-202110-1922 // NVD: CVE-2021-34793

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-dos-jxywmjyl	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34793	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021102803	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3582	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-transparent-mode-mac-tables-poisoning-36740	Trust: 0.6

sources: VULHUB: VHN-395035 // JVNDB: JVNDB-2021-014294 // CNNVD: CNNVD-202110-1922 // NVD: CVE-2021-34793

SOURCES

db:	VULHUB	id:	VHN-395035
db:	JVNDB	id:	JVNDB-2021-014294
db:	CNNVD	id:	CNNVD-202110-1922
db:	NVD	id:	CVE-2021-34793

LAST UPDATE DATE

2024-08-14T13:53:52.271000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395035	date:	2021-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-014294	date:	2022-10-12T07:17:00
db:	CNNVD	id:	CNNVD-202110-1922	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2021-34793	date:	2023-11-07T03:36:26.283

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395035	date:	2021-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-014294	date:	2022-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-1922	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2021-34793	date:	2021-10-27T19:15:08.563