CVE-2021-34704

Summary

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Adaptive Security Appliance Softwareunspecified < 6.4.0.13affected
CiscoCisco Firepower Threat Defense Softwareunspecified < 6.6.5affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow
  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References