CVE-2021-1422: Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability
First published: Fri Jul 16 2021(Updated: )
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance Software | =9.16.1 | |
| Cisco Firepower Threat Defense | =7.0.0.0 | |
| Cisco Adaptive Security Virtual Appliance | ||
| Cisco Firepower 2100 | ||
| Cisco Firepower 2110 | ||
| Cisco Firepower 2120 | ||
| Cisco Firepower 2130 | ||
| Cisco Firepower 2140 | ||
| Cisco Ftd Virtual |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco ASA and FTD vulnerability?
The vulnerability ID for this Cisco ASA and FTD vulnerability is CVE-2021-1422.
What is the severity of CVE-2021-1422?
The severity of CVE-2021-1422 is 7.7 (High).
How does the vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software impact the system?
The vulnerability allows an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the system.
Which versions of Cisco Adaptive Security Appliance Software are affected by CVE-2021-1422?
Cisco Adaptive Security Appliance Software version 9.16.1 is affected by CVE-2021-1422.
Which versions of Cisco Firepower Threat Defense are affected by CVE-2021-1422?
Cisco Firepower Threat Defense version 7.0.0.0 is affected by CVE-2021-1422.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/9.16.1
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/7.0.0.0
- canonical/cisco adaptive security virtual appliance
- canonical/cisco firepower 2100
- canonical/cisco firepower 2110
- canonical/cisco firepower 2120
- canonical/cisco firepower 2130
- canonical/cisco firepower 2140
- canonical/cisco ftd virtual