Denial of service in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software

This security bulletin contains one medium risk vulnerability.


1) Improper Enforcement of Message Integrity During Transmission in a Communication Channel


EUVDB-ID: #VU57753


Risk: Medium


CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]


CVE-ID: CVE-2021-34793


CWE-ID: CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists in the TCP Normalizer when handling certain TCP segments. A remote attacker can send a specially crafted TCP segment through an affected device and poison MAC address tables.


Successful exploitation of the vulnerability may allow an attacker to perform a denial of service attack but requires the affected device to be operating in transparent mode.


Mitigation

Install the update from the vendor's website.


Vulnerable software versions

Cisco Adaptive Security Appliance (ASA) Software: 9.7, 9.8, 9.8.4.3, 9.8.4.7, 9.8.4.10, 9.8.4.12, 9.8.4.15, 9.8.4.17, 9.8.4.20, 9.8.4.22, 9.8.4.25, 9.8.4.26, 9.8.4.29, 9.8.4.35, 9.9, 9.9.2.52, 9.9.2.66, 9.9.2.67, 9.9.2.74, 9.9.2.80, 9.9.2.85, 9.10, 9.10.1.22, 9.10.1.27, 9.10.1.30, 9.10.1.37, 9.10.1.39, 9.10.1.42, 9.10.1.43, 9.10.1.44, 9.12, 9.12.2, 9.12.2.1, 9.12.2.9, 9.12.3, 9.12.3.2, 9.12.3.7, 9.12.3.9, 9.12.3.12, 9.12.4.2, 9.12.4.3, 9.12.4.4, 9.12.4.13, 9.12.4.18, 9.13, 9.13.1.2, 9.13.1.7, 9.13.1.10, 9.13.1.12, 9.13.1.13, 9.13.1.21, 9.14, 9.14.1.10, 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2.8, 9.14.2.13, 9.15.1.7, 9.15.1.10


ASA 5500-X Series Firewalls: All versions


Cisco Firepower Threat Defense (FTD): 6.2.0, 6.2.1, 6.2.2, 6.2.2.1, 6.2.3, 6.2.3.4, 6.2.3.12, 6.2.3.13, 6.2.3.15, 6.2.3.16, 6.3.0, 6.3.0.2, 6.3.0.4, 6.3.0.5, 6.3.0.6, 6.4.0, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.10, 6.4.0.12, 6.5.0, 6.5.0.2, 6.5.0.3, 6.5.0.4, 6.5.0.5, 6.6.0, 6.6.0.1, 6.6.1, 6.6.4, 6.7.0


External links

http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx46296
http://tools.cisco.com/security/center/content/ ..
