Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1422

Опубликовано: 16 июл. 2021
Источник: nvd
CVSS3: 7.7
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_threat_defense:7.0.0.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ftd_virtual:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%
0.00427
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-617
CWE-617

Связанные уязвимости

github логотип

GHSA-jcpc-3vwc-j47q

CVSS3: 7.7
github
больше 3 лет назад

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

fstec логотип

BDU:2021-03849

CVSS3: 7.7
fstec
больше 4 лет назад

Уязвимость криптографического модуля микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 62%
0.00427
Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-617
CWE-617