Lucene search

[email protected]NVD:CVE-2021-34791

HistoryOct 27, 2021 - 7:15 p.m.

CVE-2021-34791

2021-10-2719:15:08

CWE-20

CWE-358

[email protected]

web.nvd.nist.gov

cisco

asa

ftd

nat

alg

vulnerabilities

network address translation

nat slipstreaming

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.2%

JSON

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

Affected configurations

Nvd

Node

ciscoadaptive_security_applianceRange<9.8.4.40

ciscofirepower_threat_defenseRange<6.4.0.12

ciscofirepower_threat_defenseRange6.5.0–6.6.5

ciscofirepower_threat_defenseRange6.7.0–6.7.0.2

ciscoadaptive_security_appliance_softwareRange9.12.0–9.12.4.18

ciscoadaptive_security_appliance_softwareRange9.13.0–9.14.2.15

ciscoadaptive_security_appliance_softwareRange9.15.0–9.15.1.15

Node

ciscoasa_5512-x_firmwareMatch009.008

ciscoasa_5512-x_firmwareMatch009.015

AND

ciscoasa_5512-xMatch-

Node

ciscoasa_5505_firmwareMatch009.008

ciscoasa_5505_firmwareMatch009.015

AND

ciscoasa_5505Match-

Node

ciscoasa_5515-x_firmwareMatch009.008

ciscoasa_5515-x_firmwareMatch009.015

AND

ciscoasa_5515-xMatch-

Node

ciscoasa_5525-xMatch-

AND

ciscoasa_5525-x_firmwareMatch009.008

ciscoasa_5525-x_firmwareMatch009.015

Node

ciscoasa_5545-xMatch-

AND

ciscoasa_5545-x_firmwareMatch009.008

ciscoasa_5545-x_firmwareMatch009.015

Node

ciscoasa_5555-xMatch-

AND

ciscoasa_5555-x_firmwareMatch009.008

ciscoasa_5555-x_firmwareMatch009.015

Node

ciscoasa_5580Match-

AND

ciscoasa_5580_firmwareMatch009.008

ciscoasa_5580_firmwareMatch009.015

Node

ciscoasa_5585-xMatch-

AND

ciscoasa_5585-x_firmwareMatch009.008

ciscoasa_5585-x_firmwareMatch009.015

VendorProductVersionCPE
ciscoadaptive_security_appliance*cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
ciscofirepower_threat_defense*cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software*cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
ciscoasa_5512-x_firmware009.008cpe:2.3:o:cisco:asa_5512-x_firmware:009.008:*:*:*:*:*:*:*
ciscoasa_5512-x_firmware009.015cpe:2.3:o:cisco:asa_5512-x_firmware:009.015:*:*:*:*:*:*:*
ciscoasa_5512-x-cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*
ciscoasa_5505_firmware009.008cpe:2.3:o:cisco:asa_5505_firmware:009.008:*:*:*:*:*:*:*
ciscoasa_5505_firmware009.015cpe:2.3:o:cisco:asa_5505_firmware:009.015:*:*:*:*:*:*:*
ciscoasa_5505-cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*
ciscoasa_5515-x_firmware009.008cpe:2.3:o:cisco:asa_5515-x_firmware:009.008:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance	*	cpe:2.3:a:cisco:adaptive_security_appliance::::::::
cisco	firepower_threat_defense	*	cpe:2.3:a:cisco:firepower_threat_defense::::::::
cisco	adaptive_security_appliance_software	*	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
cisco	asa_5512-x_firmware	009.008	cpe:2.3:o:cisco:asa_5512-x_firmware:009.008:::::::*
cisco	asa_5512-x_firmware	009.015	cpe:2.3:o:cisco:asa_5512-x_firmware:009.015:::::::*
cisco	asa_5512-x	-	cpe:2.3:h:cisco:asa_5512-x:-:::::::*
cisco	asa_5505_firmware	009.008	cpe:2.3:o:cisco:asa_5505_firmware:009.008:::::::*
cisco	asa_5505_firmware	009.015	cpe:2.3:o:cisco:asa_5505_firmware:009.015:::::::*
cisco	asa_5505	-	cpe:2.3:h:cisco:asa_5505:-:::::::*
cisco	asa_5515-x_firmware	009.008	cpe:2.3:o:cisco:asa_5515-x_firmware:009.008:::::::*

Rows per page:

1-10 of 271

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

48.2%

JSON

Related for NVD:CVE-2021-34791

cve1 prion1 cvelist1 cisco1