CVE-2021-34790: Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA)…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
cisco	adaptive_security_appliance	< 9.8.4.40	9.8.4.40
cisco	adaptive_security_appliance	—	—
cisco	adaptive_security_appliance_software	>= 9.12.0 < 9.12.4.29	9.12.4.29
cisco	adaptive_security_appliance_software	>= 9.13.0 < 9.14.2.15	9.14.2.15
cisco	adaptive_security_appliance_software	>= 9.15.0 < 9.15.1.15	9.15.1.15
cisco	asa_5505_firmware	—	—
cisco	asa_5505_firmware	—	—
cisco	asa_5512-x_firmware	—	—
cisco	asa_5512-x_firmware	—	—
cisco	asa_5515-x_firmware	—	—
cisco	asa_5515-x_firmware	—	—
cisco	asa_5525-x_firmware	—	—
cisco	asa_5525-x_firmware	—	—
cisco	asa_5545-x_firmware	—	—
cisco	asa_5545-x_firmware	—	—
cisco	asa_5555-x_firmware	—	—
cisco	asa_5555-x_firmware	—	—
cisco	asa_5580_firmware	—	—
cisco	asa_5580_firmware	—	—
cisco	asa_5585-x_firmware	—	—
cisco	asa_5585-x_firmware	—	—
cisco	cisco_adaptive_security_appliance_software	—	—
cisco	firepower_threat_defense	< 6.4.0.12	6.4.0.12
cisco	firepower_threat_defense	>= 6.5.0 < 6.6.5	6.6.5
cisco	firepower_threat_defense	>= 6.7.0 < 6.7.0.2	6.7.0.2