// For flags

CVE-2021-1422

Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

Severity Score

7.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Una vulnerabilidad en el módulo de criptografía de software de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto autenticado o a un atacante no autenticado en una posición de tipo man-in-the-middle causar una recarga inesperada del dispositivo que resulta en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a un error lógico en como el módulo de criptografía del software maneja tipos específicos de errores de descifrado. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes maliciosos a través de una conexión IPsec establecida. Una explotación con éxito podría causar el bloqueo del dispositivo, obligándolo a recargarse. Importante: Una explotación con éxito de esta vulnerabilidad no causaría un compromiso de ningún dato encriptado. Nota: Esta vulnerabilidad sólo afecta la versión 9.16.1 del software Cisco ASA y la versión 7.0.0 del software Cisco FTD

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2020-11-13 CVE Reserved
  • 2021-07-16 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-617: Reachable Assertion
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Adaptive Security Virtual Appliance
Search vendor "Cisco" for product "Adaptive Security Virtual Appliance"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2100
Search vendor "Cisco" for product "Firepower 2100"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2110
Search vendor "Cisco" for product "Firepower 2110"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2120
Search vendor "Cisco" for product "Firepower 2120"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2130
Search vendor "Cisco" for product "Firepower 2130"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2140
Search vendor "Cisco" for product "Firepower 2140"
--
Safe
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Software
Search vendor "Cisco" for product "Adaptive Security Appliance Software"
9.16.1
Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.16.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ftd Virtual
Search vendor "Cisco" for product "Ftd Virtual"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Adaptive Security Virtual Appliance
Search vendor "Cisco" for product "Adaptive Security Virtual Appliance"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2100
Search vendor "Cisco" for product "Firepower 2100"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2110
Search vendor "Cisco" for product "Firepower 2110"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2120
Search vendor "Cisco" for product "Firepower 2120"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2130
Search vendor "Cisco" for product "Firepower 2130"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Firepower 2140
Search vendor "Cisco" for product "Firepower 2140"
--
Safe
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.0"
-
Affected
in Cisco
Search vendor "Cisco"
Ftd Virtual
Search vendor "Cisco" for product "Ftd Virtual"
--
Safe