Vulnerability Details : CVE-2021-1573
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2021-1573
- cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
- Cisco » Adaptive Security Appliance SoftwareVersions from including (>=) 9.8 and before (<) 9.8.4.40cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
- Cisco » Adaptive Security Appliance SoftwareVersions from including (>=) 9.9 and before (<) 9.12.4.26cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
- Cisco » Adaptive Security Appliance SoftwareVersions from including (>=) 9.16 and before (<) 9.16.1.28cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
- Cisco » Adaptive Security Appliance SoftwareVersions from including (>=) 9.15 and before (<) 9.15.1.17cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
- Cisco » Adaptive Security Appliance SoftwareVersions from including (>=) 9.13 and before (<) 9.14.3cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1573
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1573
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
Cisco Systems, Inc. |
CWE ids for CVE-2021-1573
-
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Assigned by: ykramarz@cisco.com (Secondary)
-
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2021-1573
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service VulnerabilitiesVendor Advisory
Jump to