CVE-2021-34704 — Stack-based Buffer Overflow in Cisco Adaptive Security Appliance Software

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-234 — Failure to Handle Missing Parameter CWE-444 — HTTP Request Smuggling4 documents4 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

0.3%

top 51.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense Software Cisco Adaptive Security Appliance Software +1 more

Timeline

PublishedJan 11

Latest updateJan 12

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software9.15 — 9.15.1.17+1

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.6.5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — 6.4.0.13

▶NVDcisco/firepower_threat_defense6.7.0 — 6.7.0.3+1

🔴Vulnerability Details

GHSA

GHSA-25qg-5w5q-f6xw: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software co↗2022-01-12

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability↗2022-01-11

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities↗2021-10-27

▶