Which versions of Cisco Firepower Threat Defense are affected by CVE-2021-34783?

Versions 6.4.0 to 6.4.0.13, 6.6.0 to 6.6.5, 6.7.0 to 6.7.0.3, and 7.0.0 to 7.0.1 of Cisco Firepower Threat Defense are affected by CVE-2021-34783.

Which versions of Cisco Adaptive Security Appliance Software are affected by CVE-2021-34783?

Versions 9.8.0 to 9.8.4.40, 9.12.0 to 9.12.4.29, 9.14.0 to 9.14.3.9, 9.15.0 to 9.15.1.17, and 9.16.0 to 9.16.2 of Cisco Adaptive Security Appliance Software are affected by CVE-2021-34783.

How can I mitigate the impact of CVE-2021-34783?

Cisco has released software updates to address CVE-2021-34783. It is recommended to upgrade to a fixed software release.

Vulnerability/
CVE-2021-34783

high

8.6

CWE

20 119

27/10/2021

7/11/2024

CVE-2021-34783: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

Q: What is CVE-2021-34783?

CVE-2021-34783 is a vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software.

Q: How does CVE-2021-34783 impact Cisco Adaptive Security Appliance Software?

CVE-2021-34783 can allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

First published: Wed Oct 27 2021(Updated: )

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Threat Defense	>=6.4.0<6.4.0.13
Cisco Firepower Threat Defense	>=6.6.0<6.6.5
Cisco Firepower Threat Defense	>=6.7.0<6.7.0.3
Cisco Firepower Threat Defense	>=7.0.0<7.0.1
Cisco Adaptive Security Appliance Software	>=9.8.0<9.8.4.40
Cisco Adaptive Security Appliance Software	>=9.12.0<9.12.4.29
Cisco Adaptive Security Appliance Software	>=9.14.0<9.14.3.9
Cisco Adaptive Security Appliance Software	>=9.15.0<9.15.1.17
Cisco Adaptive Security Appliance Software	>=9.16.0<9.16.2
Cisco Asa 5512-x Firmware	=009.016\(001\)
Cisco Asa 5512-x Firmware	=009.016\(001.025\)
Cisco Asa 5512-x
Cisco Asa 5505 Firmware	=009.016\(001\)
Cisco Asa 5505 Firmware	=009.016\(001.025\)
Cisco Asa 5505
Cisco Asa 5515-x Firmware	=009.016\(001\)
Cisco Asa 5515-x Firmware	=009.016\(001.025\)
Cisco Asa 5515-x
Cisco Asa 5525-x Firmware	=009.016\(001\)
Cisco Asa 5525-x Firmware	=009.016\(001.025\)
Cisco Asa 5525-x
Cisco Asa 5545-x Firmware	=009.016\(001\)
Cisco Asa 5545-x Firmware	=009.016\(001.025\)
Cisco Asa 5545-x
Cisco Asa 5555-x Firmware	=009.016\(001\)
Cisco Asa 5555-x Firmware	=009.016\(001.025\)
Cisco Asa 5555-x
Cisco Asa 5580 Firmware	=009.016\(001\)
Cisco Asa 5580 Firmware	=009.016\(001.025\)
Cisco Asa 5580
Cisco Asa 5585-x Firmware	=009.016\(001\)
Cisco Asa 5585-x Firmware	=009.016\(001.025\)
Cisco Asa 5585-x

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M

Frequently Asked Questions

What is CVE-2021-34783?
CVE-2021-34783 is a vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software.
How does CVE-2021-34783 impact Cisco Adaptive Security Appliance Software?
CVE-2021-34783 can allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
Which versions of Cisco Firepower Threat Defense are affected by CVE-2021-34783?
Versions 6.4.0 to 6.4.0.13, 6.6.0 to 6.6.5, 6.7.0 to 6.7.0.3, and 7.0.0 to 7.0.1 of Cisco Firepower Threat Defense are affected by CVE-2021-34783.
Which versions of Cisco Adaptive Security Appliance Software are affected by CVE-2021-34783?
Versions 9.8.0 to 9.8.4.40, 9.12.0 to 9.12.4.29, 9.14.0 to 9.14.3.9, 9.15.0 to 9.15.1.17, and 9.16.0 to 9.16.2 of Cisco Adaptive Security Appliance Software are affected by CVE-2021-34783.
How can I mitigate the impact of CVE-2021-34783?
Cisco has released software updates to address CVE-2021-34783. It is recommended to upgrade to a fixed software release.

collector/nvd-api
collector/nvd-index
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco firepower threat defense
version/cisco firepower threat defense/6.4.0
version/cisco firepower threat defense/6.6.0
version/cisco firepower threat defense/6.7.0
version/cisco firepower threat defense/7.0.0
canonical/cisco adaptive security appliance software
version/cisco adaptive security appliance software/9.8.0
version/cisco adaptive security appliance software/9.12.0
version/cisco adaptive security appliance software/9.14.0
version/cisco adaptive security appliance software/9.15.0
version/cisco adaptive security appliance software/9.16.0
canonical/cisco asa 5512-x firmware
version/cisco asa 5512-x firmware/009.016\(001\)
version/cisco asa 5512-x firmware/009.016\(001.025\)
canonical/cisco asa 5512-x
canonical/cisco asa 5505 firmware
version/cisco asa 5505 firmware/009.016\(001\)
version/cisco asa 5505 firmware/009.016\(001.025\)
canonical/cisco asa 5505
canonical/cisco asa 5515-x firmware
version/cisco asa 5515-x firmware/009.016\(001\)
version/cisco asa 5515-x firmware/009.016\(001.025\)
canonical/cisco asa 5515-x
canonical/cisco asa 5525-x firmware
version/cisco asa 5525-x firmware/009.016\(001\)
version/cisco asa 5525-x firmware/009.016\(001.025\)
canonical/cisco asa 5525-x
canonical/cisco asa 5545-x firmware
version/cisco asa 5545-x firmware/009.016\(001\)
version/cisco asa 5545-x firmware/009.016\(001.025\)
canonical/cisco asa 5545-x
canonical/cisco asa 5555-x firmware
version/cisco asa 5555-x firmware/009.016\(001\)
version/cisco asa 5555-x firmware/009.016\(001.025\)
canonical/cisco asa 5555-x
canonical/cisco asa 5580 firmware
version/cisco asa 5580 firmware/009.016\(001\)
version/cisco asa 5580 firmware/009.016\(001.025\)
canonical/cisco asa 5580
canonical/cisco asa 5585-x firmware
version/cisco asa 5585-x firmware/009.016\(001\)
version/cisco asa 5585-x firmware/009.016\(001.025\)
canonical/cisco asa 5585-x

CVE-2021-34783: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-34783?

How does CVE-2021-34783 impact Cisco Adaptive Security Appliance Software?

Which versions of Cisco Firepower Threat Defense are affected by CVE-2021-34783?

Which versions of Cisco Adaptive Security Appliance Software are affected by CVE-2021-34783?

How can I mitigate the impact of CVE-2021-34783?

Company

Resources

Contact