A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.
History
21 Nov 2024, 06:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-ejjOgQEY - Vendor Advisory |
16 Aug 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
29 Oct 2021, 12:31
Type | Values Removed | Values Added |
---|---|---|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-ejjOgQEY - Vendor Advisory | |
CWE | CWE-755 | |
CPE | cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5545-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5515-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5585-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5512-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5580_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5515-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5555-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5580_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5555-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5505_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5525-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5512-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5585-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5505_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5525-x_firmware:009.009:*:*:*:*:*:*:* cpe:2.3:o:cisco:asa_5545-x_firmware:009.012:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
|
CVSS | v2 : v3 : | v2 : 4.3 v3 : 5.3 |
27 Oct 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. |
27 Oct 2021, 19:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-27 19:15
Updated : 2024-11-21 06:11
NVD link : CVE-2021-34787
Mitre link : CVE-2021-34787
CVE.ORG link : CVE-2021-34787
Products Affected
cisco
- asa_5545-x_firmware
- asa_5505
- asa_5525-x_firmware
- adaptive_security_appliance
- asa_5580
- asa_5505_firmware
- asa_5555-x_firmware
- asa_5555-x
- asa_5525-x
- asa_5580_firmware
- asa_5512-x_firmware
- asa_5515-x_firmware
- asa_5515-x
- asa_5545-x
- asa_5512-x
- asa_5585-x_firmware
- asa_5585-x
- adaptive_security_appliance_software
- firepower_threat_defense