CVE-2021-34794

CWE-284Improper Access Control4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.7%
top 28.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat DefenseCisco Cisco Adaptive Security Appliance (asa) Software+8 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A su

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages11 packages

NVDcisco/firepower_threat_defense6.4.06.4.0.13+2
NVDcisco/asa_5505_firmware009.014\(001\), 099.015\(001.033\), 099.016\(001.216\)+2
NVDcisco/asa_5580_firmware009.014\(001\), 099.015\(001.033\), 099.016\(001.216\)+2

🔴Vulnerability Details

2
GHSA
GHSA-24fh-2pfj-hp74: A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) S2022-05-24
CVEList
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability2021-10-27

📋Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability2021-10-27