CVE-2021-1402

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:44

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c - Vendor Advisory

Information

Published : 2021-04-29 18:15

Updated : 2024-11-21 05:44


NVD link : CVE-2021-1402

Mitre link : CVE-2021-1402

CVE.ORG link : CVE-2021-1402


JSON object : View

Products Affected

cisco

  • firepower_1140
  • firepower_1010
  • firepower_1150
  • asa_5555-x
  • firepower_2110
  • isa_3000
  • firepower_threat_defense
  • firepower_2130
  • asa_5545-x
  • firepower_1120
  • firepower_2120
  • firepower_2140
  • firepower_threat_defense_virtual
  • asa_5515-x
  • asa_5525-x
  • asa_5512-x
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-20

Improper Input Validation