CVSS: 8.6EPSS: 0%CPEs: 24EXPL: 0CVE-2021-34793 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34793
A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption. Una vulnerabilidad en el Normalizador TCP del software Cisco Adaptive Security Appliance (ASA) y del software Firepower Threat Defense (FTD) que funciona en modo transparente podría permitir a un atacante remoto no autenticado envenenar las tablas de direcciones MAC, lo que provocaría una vulnerabilidad de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-JxYWMJyL • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2021-34791 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34791
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. Varias vulnerabilidades en la Puerta de Enlace de Nivel de Aplicación (ALG) para la funcionalidad Network Address Translation (NAT) del software Cisco Adaptive Security Appliance (ASA) y el software Firepower Threat Defense (FTD) podrían permitir a un atacante remoto no autenticado omitir la ALG y abrir conexiones no autorizadas con un host situado detrás de la ALG. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2021-34790 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34790
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. Varias vulnerabilidades en la Puerta de Enlace de Nivel de Aplicación (ALG) para la funcionalidad Network Address Translation (NAT) del software Cisco Adaptive Security Appliance (ASA) y el software Firepower Threat Defense (FTD) podrían permitir a un atacante remoto no autenticado omitir el ALG y abrir conexiones no autorizadas con un host situado detrás del ALG. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 8.6EPSS: 0%CPEs: 58EXPL: 0CVE-2020-3196 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3196
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-dos-qY7BHpjN • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 44EXPL: 0CVE-2020-3191 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3191
A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipv6-67pA658k • CWE-20: Improper Input Validation •