{"id": "CVE-2021-40117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2021-10-27T19:15:08.770", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-4ygzLKU9", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el administrador de mensajes SSL/TLS para el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se presenta porque los paquetes SSL/TLS entrantes no se procesan correctamente. Un atacante podr\u00eda aprovechar esta vulnerabilidad mediante el env\u00edo de un paquete SSL/TLS dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una recarga del dispositivo afectado, resultando en una condici\u00f3n de DoS"}], "lastModified": "2023-11-07T03:38:28.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C7F329B-4EF5-411A-9AB6-02E6A4162D6D", "versionEndExcluding": "9.8.4.40"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF9BD61A-3390-4FEC-A6FC-B828700734F1", "versionEndExcluding": "6.2.3.17"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27ABB44-FC9A-457D-AFB7-D7CB8119C9AE", "versionEndExcluding": "6.4.0.13", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18589C74-19D2-44F0-AF26-68910E26655D", "versionEndExcluding": "6.6.5", "versionStartIncluding": "6.5.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98DEDDAB-B8C5-4753-A208-94638E694FC1", "versionEndExcluding": "6.7.0.3", "versionStartIncluding": "6.7.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2F537A-A488-45B6-AD4B-48B7064AE84C", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9F99428-8509-489C-8658-6422BAE20B86", "versionEndExcluding": "9.12.4.26", "versionStartIncluding": "9.9.0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "333EFE8A-1514-4F7A-BBF4-876DC1B2E5A4", "versionEndExcluding": "9.14.3.9", "versionStartIncluding": "9.13.0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6EC0723-CBC7-45A7-8B30-B680E8A771EF", "versionEndExcluding": "9.15.1.17", "versionStartIncluding": "9.15.0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310B86D1-730D-4D8A-AC95-31FBE4F7D1E6", "versionEndExcluding": "9.16.2.3", "versionStartIncluding": "9.16.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A6C8151-DD31-4176-9871-64F6D0473D92"}, {"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "013CE3DB-A4D9-47EB-9CA6-F3A116E0FDB2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B6B6A4A-903A-4DC2-ACF8-C8A3F07B905E"}, {"criteria": "cpe:2.3:o:cisco:asa_5505_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7166E020-D9CE-4CF4-96F3-DE60487CCF31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F51225C-BDF6-4C62-A6D0-29858BB409BA"}, {"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1806CB8E-BA50-405C-84F8-09B7E46A42F2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59BAA486-CB14-475F-B3EB-4EDBECF80046"}, {"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D35C749C-F2BB-4A5D-8D95-971AFCE0C0A0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A2012ED-9F23-4169-8501-B0897F658AFE"}, {"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDD12C0-7F42-4AE2-A3DA-57D5DC82050F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3233ED72-BAF5-4532-8478-6F44B5A66FA6"}, {"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40D9C60-CD17-4ACE-961C-8580EC2256C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAEA3B03-7E79-4917-9E7A-EA73E90E3D61"}, {"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02308BB6-79AA-46A4-B723-12A30BF15119"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:009.009\\(002.085\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E904DE37-F6C5-459F-8A8A-9E9AA7C59170"}, {"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:009.014\\(002.106\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF60431F-E808-4828-B67D-1B87A4E5DDF2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}