Details of VAR-202110-1394

ID

VAR-202110-1394

CVE

CVE-2021-34783

TITLE

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014289

DESCRIPTION

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability

Trust: 1.71

sources: NVD: CVE-2021-34783 // JVNDB: JVNDB-2021-014289 // VULHUB: VHN-395025

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15.0	Trust: 1.0
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.3.9	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.16.0	Trust: 1.0
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	asa 5585-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5555-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.29	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.5	Trust: 1.0
vendor:	cisco	model:	asa 5515-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	asa 5580	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.12.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.16.2	Trust: 1.0
vendor:	cisco	model:	asa 5525-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14.0	Trust: 1.0
vendor:	cisco	model:	asa 5545-x	scope:	eq	version:	009.016\(001\)	Trust: 1.0
vendor:	cisco	model:	asa 5505	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	asa 5512-x	scope:	eq	version:	009.016\(001.025\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.40	Trust: 1.0
vendor:	シスコシステムズ	model:	asa 5512-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco adaptive security appliance ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5505	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5525-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5545-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5585-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5515-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5580	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	asa 5555-x	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014289 // NVD: CVE-2021-34783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34783
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34783
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-34783
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-1916
value:	HIGH
Trust: 0.6
VULHUB:	VHN-395025
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-34783
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-395025
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34783
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34783
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34783
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783 // NVD: CVE-2021-34783

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // NVD: CVE-2021-34783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1916

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1916

PATCH

title:	cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M	Trust: 0.8
title:	Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168739	Trust: 0.6

sources: JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34783	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014289	Trust: 0.8
db:	CS-HELP	id:	SB2021102915	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3582	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-1916	Trust: 0.6
db:	VULHUB	id:	VHN-395025	Trust: 0.1

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-tls-decrypt-dos-bmxyjm8m	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34783	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.3582	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102915	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-ssl-tls-message-handler-36736	Trust: 0.6

sources: VULHUB: VHN-395025 // JVNDB: JVNDB-2021-014289 // CNNVD: CNNVD-202110-1916 // NVD: CVE-2021-34783

SOURCES

db:	VULHUB	id:	VHN-395025
db:	JVNDB	id:	JVNDB-2021-014289
db:	CNNVD	id:	CNNVD-202110-1916
db:	NVD	id:	CVE-2021-34783

LAST UPDATE DATE

2024-08-14T13:53:52.219000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395025	date:	2021-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-014289	date:	2022-10-12T07:17:00
db:	CNNVD	id:	CNNVD-202110-1916	date:	2021-11-08T00:00:00
db:	NVD	id:	CVE-2021-34783	date:	2023-11-07T03:36:24.283

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395025	date:	2021-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-014289	date:	2022-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-1916	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2021-34783	date:	2021-10-27T19:15:08.290