First published: Wed Oct 27 2021
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Threat Defense | >=6.4.0 <6.4.0.13 | |
Cisco Firepower Threat Defense | >=6.6.0 <6.6.5 | |
Cisco Firepower Threat Defense | >=6.7.0 <6.7.0.3 | |
Cisco Firepower Threat Defense | >=7.0.0 <7.0.1 | |
Cisco Adaptive Security Appliance Software | >=9.8.0 <9.8.4.40 | |
Cisco Adaptive Security Appliance Software | >=9.12.0 <9.12.4.29 | |
Cisco Adaptive Security Appliance Software | >=9.14.0 <9.14.3.9 | |
Cisco Adaptive Security Appliance Software | >=9.15.0 <9.15.1.17 | |
Cisco Adaptive Security Appliance Software | >=9.16.0 <9.16.2 | |
Cisco Asa 5512-x Firmware | =009.016\(001\) | |
Cisco Asa 5512-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5512-x | | |
Cisco Asa 5505 Firmware | =009.016\(001\) | |
Cisco Asa 5505 Firmware | =009.016\(001.025\) | |
Cisco Asa 5505 | | |
Cisco Asa 5515-x Firmware | =009.016\(001\) | |
Cisco Asa 5515-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5515-x | | |
Cisco Asa 5525-x Firmware | =009.016\(001\) | |
Cisco Asa 5525-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5525-x | | |
Cisco Asa 5545-x Firmware | =009.016\(001\) | |
Cisco Asa 5545-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5545-x | | |
Cisco Asa 5555-x Firmware | =009.016\(001\) | |
Cisco Asa 5555-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5555-x | | |
Cisco Asa 5580 Firmware | =009.016\(001\) | |
Cisco Asa 5580 Firmware | =009.016\(001.025\) | |
Cisco Asa 5580 | | |
Cisco Asa 5585-x Firmware | =009.016\(001\) | |
Cisco Asa 5585-x Firmware | =009.016\(001.025\) | |
Cisco Asa 5585-x | | |
CVE-2021-34783 is a vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software.
CVE-2021-34783 can allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
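Cisco Firepower Threat Defense versions from 6.4.0 up to but not including 6.4.0.13, 6.6.0 up to but not including 6.6.5, 6.7.0 up to but not including 6.7.0.3, and 7.0.0 up to but not including 7.0.1 are affected by CVE-2021-34783.
Cisco Adaptive Security Appliance Software versions from 9.8.0 up to but not including 9.8.4.40, 9.12.0 up to but not including 9.12.4.29, 9.14.0 up to but not including 9.14.3.9, 9.15.0 up to but not including 9.15.1.17, and 9.16.0 up to but not including 9.16.2 are affected by CVE-2021-34783.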
Cisco has released software updates to address CVE-2021-34783. It is recommended to upgrade to a fixed software release.