ID

VAR-202110-1393


CVE

CVE-2021-34790


TITLE

Cisco Adaptive Security Appliance Software  and  Firepower Threat Defense Software  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014291

DESCRIPTION

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming

Trust: 1.71

sources: NVD: CVE-2021-34790 // JVNDB: JVNDB-2021-014291 // VULHUB: VHN-395032

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.15.0

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.14.2.15

Trust: 1.0

vendor:ciscomodel:asa 5512-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5545-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.4.0.12

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.7.0.2

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.12.4.29

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:ltversion:6.6.5

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5585-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:firepower threat defensescope:gteversion:6.7.0

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5555-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliancescope:ltversion:9.8.4.40

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.12.0

Trust: 1.0

vendor:ciscomodel:asa 5515-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.15.1.15

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:009.015

Trust: 1.0

vendor:ciscomodel:asa 5580scope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:gteversion:9.13.0

Trust: 1.0

vendor:ciscomodel:asa 5525-xscope:eqversion:009.008

Trust: 1.0

vendor:ciscomodel:asa 5505scope:eqversion:009.015

Trust: 1.0

vendor:シスコシステムズmodel:asa 5512-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco adaptive security appliance ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5505scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5525-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5545-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5585-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower threat defense ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5515-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5580scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:asa 5555-xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014291 // NVD: CVE-2021-34790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34790
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34790
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34790
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1919
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395032
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34790
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-395032
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34790
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34790
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-34790
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395032 // JVNDB: JVNDB-2021-014291 // CNNVD: CNNVD-202110-1919 // NVD: CVE-2021-34790 // NVD: CVE-2021-34790

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-358

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-395032 // JVNDB: JVNDB-2021-014291 // NVD: CVE-2021-34790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1919

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1919

PATCH

title:cisco-sa-natalg-bypass-cpKGqkngurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

Trust: 0.8

title:Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=168143

Trust: 0.6

sources: JVNDB: JVNDB-2021-014291 // CNNVD: CNNVD-202110-1919

EXTERNAL IDS

db:NVDid:CVE-2021-34790

Trust: 3.3

db:JVNDBid:JVNDB-2021-014291

Trust: 0.8

db:CS-HELPid:SB2021102916

Trust: 0.6

db:AUSCERTid:ESB-2021.3582

Trust: 0.6

db:CNNVDid:CNNVD-202110-1919

Trust: 0.6

db:VULHUBid:VHN-395032

Trust: 0.1

sources: VULHUB: VHN-395032 // JVNDB: JVNDB-2021-014291 // CNNVD: CNNVD-202110-1919 // NVD: CVE-2021-34790

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-natalg-bypass-cpkgqkng

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-34790

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3582

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-ingress-filtrering-bypass-via-application-level-gateway-36741

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102916

Trust: 0.6

sources: VULHUB: VHN-395032 // JVNDB: JVNDB-2021-014291 // CNNVD: CNNVD-202110-1919 // NVD: CVE-2021-34790

SOURCES

db:VULHUBid:VHN-395032
db:JVNDBid:JVNDB-2021-014291
db:CNNVDid:CNNVD-202110-1919
db:NVDid:CVE-2021-34790

LAST UPDATE DATE

2024-08-14T13:53:52.245000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-395032date:2022-10-27T00:00:00
db:JVNDBid:JVNDB-2021-014291date:2022-10-12T07:17:00
db:CNNVDid:CNNVD-202110-1919date:2022-10-28T00:00:00
db:NVDid:CVE-2021-34790date:2023-11-07T03:36:25.667

SOURCES RELEASE DATE

db:VULHUBid:VHN-395032date:2021-10-27T00:00:00
db:JVNDBid:JVNDB-2021-014291date:2022-10-12T00:00:00
db:CNNVDid:CNNVD-202110-1919date:2021-10-27T00:00:00
db:NVDid:CVE-2021-34790date:2021-10-27T19:15:08.400