Lucene search

[email protected]NVD:CVE-2021-1422

HistoryJul 16, 2021 - 1:15 p.m.

CVE-2021-1422

2021-07-1613:15:08

CWE-617

[email protected]

web.nvd.nist.gov

cisco

vulnerability

denial of service

ipsec

cryptography

software

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

39.4%

JSON

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch9.16.1

ciscofirepower_threat_defenseMatch7.0.0.0

AND

ciscoadaptive_security_virtual_applianceMatch-

ciscofirepower_2100Match-

ciscofirepower_2110Match-

ciscofirepower_2120Match-

ciscofirepower_2130Match-

ciscofirepower_2140Match-

ciscoftd_virtualMatch-

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.16.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*
ciscofirepower_threat_defense7.0.0.0cpe:2.3:o:cisco:firepower_threat_defense:7.0.0.0:*:*:*:*:*:*:*
ciscoadaptive_security_virtual_appliance-cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*
ciscofirepower_2100-cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*
ciscofirepower_2110-cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*
ciscofirepower_2120-cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*
ciscofirepower_2130-cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*
ciscofirepower_2140-cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*
ciscoftd_virtual-cpe:2.3:h:cisco:ftd_virtual:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.16.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:::::::*
cisco	firepower_threat_defense	7.0.0.0	cpe:2.3:o:cisco:firepower_threat_defense:7.0.0.0:::::::*
cisco	adaptive_security_virtual_appliance	-	cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:::::::*
cisco	firepower_2100	-	cpe:2.3:h:cisco:firepower_2100:-:::::::*
cisco	firepower_2110	-	cpe:2.3:h:cisco:firepower_2110:-:::::::*
cisco	firepower_2120	-	cpe:2.3:h:cisco:firepower_2120:-:::::::*
cisco	firepower_2130	-	cpe:2.3:h:cisco:firepower_2130:-:::::::*
cisco	firepower_2140	-	cpe:2.3:h:cisco:firepower_2140:-:::::::*
cisco	ftd_virtual	-	cpe:2.3:h:cisco:ftd_virtual:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

39.4%

JSON

Related for NVD:CVE-2021-1422

prion1 cisco1 nessus2 cvelist1 cve1