ID

VAR-202110-1392


CVE

CVE-2021-34791


TITLE

Cisco Adaptive Security Appliance Software  and  Firepower Threat Defense Software  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014292

DESCRIPTION

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming

Trust: 1.8

sources: NVD: CVE-2021-34791 // JVNDB: JVNDB-2021-014292 // VULHUB: VHN-395033 // VULMON: CVE-2021-34791

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.15.0

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.14.2.15

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.12

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.7.0.2

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.5

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.7.0

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliancescope:ltversion:9.8.4.40

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.12.0

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.4.18

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.15.1.15

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.13.0

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:009.015

Trust: 1.0

vendor:シスコシステムズmodel:asa 5512-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco adaptive security appliance ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5505scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5525-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5545-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5585-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5515-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5580scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5555-xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014292 // NVD: CVE-2021-34791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34791
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34791
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34791
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1920
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395033
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34791
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395033
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34791
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34791
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-34791
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395033 // VULMON: CVE-2021-34791 // JVNDB: JVNDB-2021-014292 // CNNVD: CNNVD-202110-1920 // NVD: CVE-2021-34791 // NVD: CVE-2021-34791

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-358

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-395033 // JVNDB: JVNDB-2021-014292 // NVD: CVE-2021-34791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1920

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1920

PATCH

title:cisco-sa-natalg-bypass-cpKGqkngurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

Trust: 0.8

title:Cisco Firepower Threat Defense ( FTD )with Cisco Adaptive Security Appliances Software ( ASA Software ) Input verification error vulnerabilities repair measuresurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=168144

Trust: 0.6

title:Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-natalg-bypass-cpKGqkng

Trust: 0.1

sources: VULMON: CVE-2021-34791 // JVNDB: JVNDB-2021-014292 // CNNVD: CNNVD-202110-1920

EXTERNAL IDS

db:NVDid:CVE-2021-34791

Trust: 3.4

db:JVNDBid:JVNDB-2021-014292

Trust: 0.8

db:CS-HELPid:SB2021102916

Trust: 0.6

db:AUSCERTid:ESB-2021.3582

Trust: 0.6

db:CNNVDid:CNNVD-202110-1920

Trust: 0.6

db:VULHUBid:VHN-395033

Trust: 0.1

db:VULMONid:CVE-2021-34791

Trust: 0.1

sources: VULHUB: VHN-395033 // VULMON: CVE-2021-34791 // JVNDB: JVNDB-2021-014292 // CNNVD: CNNVD-202110-1920 // NVD: CVE-2021-34791

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-natalg-bypass-cpkgqkng

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-34791

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3582

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-ingress-filtrering-bypass-via-application-level-gateway-36741

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102916

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395033 // VULMON: CVE-2021-34791 // JVNDB: JVNDB-2021-014292 // CNNVD: CNNVD-202110-1920 // NVD: CVE-2021-34791

SOURCES

db:VULHUBid:VHN-395033
db:VULMONid:CVE-2021-34791
db:JVNDBid:JVNDB-2021-014292
db:CNNVDid:CNNVD-202110-1920
db:NVDid:CVE-2021-34791

LAST UPDATE DATE

2024-08-14T13:53:52.189000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-395033date:2022-10-27T00:00:00
db:VULMONid:CVE-2021-34791date:2021-10-29T00:00:00
db:JVNDBid:JVNDB-2021-014292date:2022-10-12T07:17:00
db:CNNVDid:CNNVD-202110-1920date:2022-10-28T00:00:00
db:NVDid:CVE-2021-34791date:2023-11-07T03:36:25.867

SOURCES RELEASE DATE

db:VULHUBid:VHN-395033date:2021-10-27T00:00:00
db:VULMONid:CVE-2021-34791date:2021-10-27T00:00:00
db:JVNDBid:JVNDB-2021-014292date:2022-10-12T00:00:00
db:CNNVDid:CNNVD-202110-1920date:2021-10-27T00:00:00
db:NVDid:CVE-2021-34791date:2021-10-27T19:15:08.457