ID

VAR-202110-1394


CVE

CVE-2021-34783


TITLE

Input validation vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-014289

DESCRIPTION

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

Trust: 1.71

sources: NVD: CVE-2021-34783 // JVNDB: JVNDB-2021-014289 // VULHUB: VHN-395025

AFFECTED PRODUCTS

vendor: cisco model: firepower threat defense scope: gte version: 7.0.0

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: gte version: 9.15.0

Trust: 1.0

vendor: cisco model: asa 5545-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: asa 5555-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: firepower threat defense scope: lt version: 7.0.1

Trust: 1.0

vendor: cisco model: asa 5585-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: firepower threat defense scope: lt version: 6.7.0.3

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: lt version: 9.14.3.9

Trust: 1.0

vendor: cisco model: firepower threat defense scope: gte version: 6.4.0

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: gte version: 9.8.0

Trust: 1.0

vendor: cisco model: firepower threat defense scope: lt version: 6.4.0.13

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: lt version: 9.15.1.17

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: gte version: 9.16.0

Trust: 1.0

vendor: cisco model: asa 5515-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: firepower threat defense scope: gte version: 6.6.0

Trust: 1.0

vendor: cisco model: asa 5585-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: asa 5555-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: lt version: 9.12.4.29

Trust: 1.0

vendor: cisco model: firepower threat defense scope: lt version: 6.6.5

Trust: 1.0

vendor: cisco model: asa 5515-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: asa 5580 scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: firepower threat defense scope: gte version: 6.7.0

Trust: 1.0

vendor: cisco model: asa 5525-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: asa 5580 scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: gte version: 9.12.0

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: lt version: 9.16.2

Trust: 1.0

vendor: cisco model: asa 5525-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: asa 5505 scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: asa 5512-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: gte version: 9.14.0

Trust: 1.0

vendor: cisco model: asa 5545-x scope: eq version: 009.016(001)

Trust: 1.0

vendor: cisco model: asa 5505 scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: asa 5512-x scope: eq version: 009.016(001.025)

Trust: 1.0

vendor: cisco model: adaptive security appliance software scope: lt version: 9.8.4.40

Trust: 1.0

vendor: Cisco Systems model: asa 5512-x scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: cisco adaptive security appliance software scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5505 scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5525-x scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5545-x scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5585-x scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: cisco firepower threat defense software scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5515-x scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5580 scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: asa 5555-x scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014289 // NVD: CVE-2021-34783

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-34783
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34783
value: HIGH

Trust: 1.0

NVD: CVE-2021-34783
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-1916
value: HIGH

Trust: 0.6

VULHUB: VHN-395025
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-34783
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-395025
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-34783
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34783
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-34783
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783 // NVD: CVE-2021-34783

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: CWE-119

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // NVD: CVE-2021-34783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1916

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1916

PATCH

title: cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M

Trust: 0.8

title: Fix for the input validation error vulnerability in Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168739

Trust: 0.6

sources: JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916

EXTERNAL IDS

db: NVD id: CVE-2021-34783

Trust: 3.3

db: JVNDB id: JVNDB-2021-014289

Trust: 0.8

db: CS-HELP id: SB2021102915

Trust: 0.6

db: AUSCERT id: ESB-2021.3582

Trust: 0.6

db: CNNVD id: CNNVD-202110-1916

Trust: 0.6

db: VULHUB id: VHN-395025

Trust: 0.1

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-tls-decrypt-dos-bmxyjm8m

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-34783

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3582

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102915

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ssl-tls-message-handler-36736

Trust: 0.6

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783

SOURCES

db: VULHUB id: VHN-395025
db: JVNDB id: JVNDB-2021-014289
db: CNNVD id: CNNVD-202110-1916
db: NVD id: CVE-2021-34783

LAST UPDATE DATE

2024-08-14T13:53:52.219000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-395025 date: 2021-10-29T00:00:00
db: JVNDB id: JVNDB-2021-014289 date: 2022-10-12T07:17:00
db: CNNVD id: CNNVD-202110-1916 date: 2021-11-08T00:00:00
db: NVD id: CVE-2021-34783 date: 2023-11-07T03:36:24.283

SOURCES RELEASE DATE

db: VULHUB id: VHN-395025 date: 2021-10-27T00:00:00
db: JVNDB id: JVNDB-2021-014289 date: 2022-10-12T00:00:00
db: CNNVD id: CNNVD-202110-1916 date: 2021-10-27T00:00:00
db: NVD id: CVE-2021-34783 date: 2021-10-27T19:15:08.290