CVE-2021-1493 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-1493

Modified

More Info Official Page

Source-ykramarz@cisco.com

Published At-29 Apr, 2021 | 18:15

Updated At-07 Nov, 2023 | 03:28

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Secondary	3.1	8.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:S/C:P/I:N/A:C

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:C

CPE Matches

Cisco Systems, Inc.

>>firepower_threat_defense>>Versions before 6.4.0.12(exclusive)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_threat_defense>>Versions from 6.5.0(inclusive) to 6.6.3(exclusive)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>firepower_threat_defense>>Versions from 6.7.0(inclusive) to 6.7.0.1(exclusive)

cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.8(inclusive) to 9.8.4.34(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.9(inclusive) to 9.9.2.85(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.10(inclusive) to 9.12.4.13(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.13(inclusive) to 9.13.1.21(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.14(inclusive) to 9.14.2.8(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>adaptive_security_appliance_software>>Versions from 9.15(inclusive) to 9.15.1.7(exclusive)

cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	ykramarz@cisco.com

CWE ID: CWE-120

Type: Primary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG

Source: ykramarz@cisco.com

Resource:

Vendor Advisory