CVE-2021-34791 - Vulnerability Details

CVE-2021-34791 - Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Adaptive Security Appliance Adaptive Security Appliance Software Asa 5505 Asa 5505 Firmware Asa 5512-x Asa 5512-x Firmware Asa 5515-x Asa 5515-x Firmware Asa 5525-x Asa 5525-x Firmware Asa 5545-x Asa 5545-x Firmware Asa 5555-x Asa 5555-x Firmware Asa 5580 Asa 5580 Firmware Asa 5585-x Asa 5585-x Firmware Firepower Threat Defense

Configuration 1 [-]

OR	cpe:2.3:a:cisco:adaptive_security_appliance::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:asa_5512-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5512-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:asa_5505_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5505_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:asa_5515-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5515-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cisco:asa_5525-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5525-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:asa_5545-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5545-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cisco:asa_5555-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5555-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cisco:asa_5580_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5580_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:cisco:asa_5585-x_firmware:009.008:::::::*
	cpe:2.3:o:cisco:asa_5585-x_firmware:009.015:::::::*

cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

History

Thu, 07 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-10-27T18:56:15.009931Z

Updated: 2024-11-07T21:43:54.507Z

Reserved: 2021-06-15T00:00:00

Link: CVE-2021-34791

Vulnrichment

Updated: 2024-08-04T00:19:48.252Z

NVD

Status : Modified

Published: 2021-10-27T19:15:08.457

Modified: 2024-11-21T06:11:12.753

Link: CVE-2021-34791

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object