1. Home
  2. CVE Database
  3. CVE-2021-1422
HIGH · 7.7

CVE-2021-1422

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker ...

Vulnerability Description

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoAdaptive Security Appliance Software9.16.1
CiscoFirepower Threat Defense7.0.0.0
CiscoAdaptive Security Virtual Appliance-
CiscoFirepower 2100-
CiscoFirepower 2110-
CiscoFirepower 2120-
CiscoFirepower 2130-
CiscoFirepower 2140-
CiscoFtd Virtual-

Related Weaknesses (CWE)

CWE-617

References

FAQ

What is CVE-2021-1422?

CVE-2021-1422 is a vulnerability with a CVSS score of 7.7 (HIGH). A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker ...

How severe is CVE-2021-1422?

CVE-2021-1422 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1422?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense, Cisco Adaptive Security Virtual Appliance, Cisco Firepower 2100, Cisco Firepower 2110.