Cisco Adaptive Security Appliance Software vulnerabilities

CVE-2021-40117 [HIGH] CWE-119 CVE-2021-40117: A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An at

CVE-2021-34791 [MEDIUM] CWE-358 CVE-2021-34791: Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For mo

CVE-2021-34787 [MEDIUM] CWE-183 CVE-2021-34787: A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Secu A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices conf

CVE-2021-34790 [MEDIUM] CWE-358 CVE-2021-34790: Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For mo

CVE-2021-34794 [MEDIUM] CWE-284 CVE-2021-34794: A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control function A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could

CVE-2021-40125 [MEDIUM] CWE-416 CVE-2021-40125: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Secu A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a reso

CVE-2021-1422 [HIGH] CWE-617 CVE-2021-1422: A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Softw A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condit

CVE-2021-1585 [HIGH] CWE-94 CVE-2021-1585: A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthe A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerabili

CVE-2021-1501 [HIGH] CWE-613 CVE-2021-1501: A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.The vulnerability is due to a crash that occurs during a has

CVE-2021-1493 [HIGH] CWE-120 CVE-2021-1493: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services

CVE-2021-1504 [HIGH] CWE-787 CVE-2021-1504: Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat De Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these

CVE-2021-1445 [HIGH] CWE-787 CVE-2021-1445: Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat De Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these

CVE-2021-1476 [MEDIUM] CWE-78 CVE-2021-1476: A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower T A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied

CVE-2021-1488 [MEDIUM] CWE-77 CVE-2021-1488: A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An a

CVE-2020-3304 [HIGH] CWE-400 CVE-2020-3304: A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepow A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP re

CVE-2020-3436 [HIGH] CWE-434 CVE-2020-3436: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco F A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affecte

CVE-2020-3529 [HIGH] CWE-400 CVE-2020-3529: A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Softw A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (

CVE-2020-3373 [HIGH] CWE-400 CVE-2020-3373: A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denia

CVE-2020-3572 [HIGH] CWE-400 CVE-2020-3572: A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software a A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific s

CVE-2020-3555 [HIGH] CWE-404 CVE-2020-3555: A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software an A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash d