CVE-2021-40118

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS v3 7.5 HIGH
CVSS v2.0 7.1 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:adaptive_security_appliance::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5512-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5512-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5505_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5505_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5515-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5515-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5525-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5525-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5545-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5545-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5555-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5555-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5580_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5580_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:cisco:asa_5585-x_firmware:009.012\(004.024\):::::::*
	cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001\):::::::*
	cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.015\):::::::*
	cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.016\):::::::*
	cpe:2.3:o:cisco:asa_5585-x_firmware:009.016\(001\):::::::*

cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*

History

16 Aug 2023, 16:17

Type	Values Removed	Values Added
CPE		cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

05 Aug 2022, 11:51

Type	Values Removed	Values Added
CWE	~~CWE-20~~	CWE-787

11 Jan 2022, 21:15

Type	Values Removed	Values Added
Summary	Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.	A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

29 Oct 2021, 13:58

Type	Values Removed	Values Added
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.1 v3 : 7.5
CWE		CWE-20
CPE		cpe:2.3:h:cisco:asa_5512-x:-:::::::* cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5505_firmware:009.016\(001\):::::::* cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.016\):::::::* cpe:2.3:o:cisco:asa_5505_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5545-x_firmware:009.016\(001\):::::::* cpe:2.3:h:cisco:asa_5525-x:-:::::::* cpe:2.3:o:cisco:asa_5555-x_firmware:009.016\(001\):::::::* cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5580_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.016\):::::::* cpe:2.3:h:cisco:asa_5580:-:::::::* cpe:2.3:o:cisco:asa_5585-x_firmware:009.016\(001\):::::::* cpe:2.3:h:cisco:asa_5515-x:-:::::::* cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5515-x_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5545-x_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5580_firmware:009.016\(001\):::::::* cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5585-x_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5512-x_firmware:009.016\(001\):::::::* cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.016\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:::::::: cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.016\):::::::* cpe:2.3:h:cisco:asa_5505:-:::::::* cpe:2.3:a:cisco:adaptive_security_appliance:::::::: cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.016\):::::::* cpe:2.3:h:cisco:asa_5555-x:-:::::::* cpe:2.3:o:cisco:asa_5525-x_firmware:009.016\(001\):::::::* cpe:2.3:h:cisco:asa_5545-x:-:::::::* cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.016\):::::::* cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001\):::::::* cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.016\):::::::* cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.015\):::::::* cpe:2.3:o:cisco:asa_5525-x_firmware:009.012\(004.024\):::::::* cpe:2.3:h:cisco:asa_5585-x:-:::::::* cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.016\):::::::* cpe:2.3:o:cisco:asa_5515-x_firmware:009.016\(001\):::::::* cpe:2.3:o:cisco:asa_5555-x_firmware:009.012\(004.024\):::::::* cpe:2.3:o:cisco:asa_5512-x_firmware:009.012\(004.024\):::::::*

27 Oct 2021, 20:15

Type	Values Removed	Values Added
Summary	Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.	Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

27 Oct 2021, 19:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-27 19:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-40118

Mitre link : CVE-2021-40118

CVE.ORG link : CVE-2021-40118

JSON object : View

Products Affected

cisco

adaptive_security_appliance
asa_5580_firmware
asa_5505
asa_5545-x_firmware
asa_5555-x_firmware
asa_5525-x
asa_5505_firmware
asa_5555-x
asa_5580
asa_5585-x_firmware
asa_5585-x
asa_5515-x_firmware
asa_5525-x_firmware
asa_5512-x_firmware
asa_5545-x
adaptive_security_appliance_software
asa_5512-x
asa_5515-x
firepower_threat_defense

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-40118

7.5^/10

7.1^/10

Attach tags to `CVE-2021-40118`