
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN576
_____________________________________________________________________

DATE                : 28/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco ASA Software,
              Cisco FTD Software, FMC Software, UTD Software.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-October-27.

The following PSIRT security advisories (9 High, 10 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SSL/TLS Denial of Service Vulnerability - SIR: High

2) Multiple Cisco Products Snort Rule Denial of Service Vulnerability -
SIR: High

3) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Denial of Service Vulnerabilities - SIR: High

4) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Resource Exhaustion Denial of Service Vulnerability -
SIR: High

5) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Software-Based SSL/TLS Denial of Service Vulnerability
- SIR: High

6) Cisco Firepower Threat Defense Software SSH Connections Denial of
Service Vulnerability - SIR: High

7) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Transparent Mode Denial of Service Vulnerability - SIR:
High

8) Cisco Firepower Management Center Software Authenticated Directory
Traversal Vulnerability - SIR: High

9) Cisco Firepower Threat Defense Software Command Injection
Vulnerabilities - SIR: High

10) Multiple Cisco Products Snort Memory Leak Denial of Service
Vulnerability - SIR: Medium

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Interface Cross-Site Scripting
Vulnerability - SIR: Medium

12) Cisco Firepower Threat Defense Software Ethernet Industrial Protocol
Policy Bypass Vulnerabilities - SIR: Medium

13) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability
- SIR: Medium

14) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Application Level Gateway Bypass Vulnerabilities - SIR:
Medium

15) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Identity-Based Rule Bypass Vulnerability - SIR: Medium

16) Cisco Firepower Management Center Software Cross-Site Scripting and
Open Redirect Vulnerabilities - SIR: Medium

17) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SNMP Access Control Vulnerability - SIR: Medium

18) Cisco Firepower Threat Defense Software CLI Arbitrary File Write
Vulnerability - SIR: Medium

19) Cisco Firepower Management Center Software Configuration Information
Disclosure Vulnerabilities - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SSL/TLS Denial of Service Vulnerability

CVE-2021-40117

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-4ygzLKU9

+--------------------------------------------------------------------

2) Multiple Cisco Products Snort Rule Denial of Service Vulnerability

CVE-2021-40116

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM

+--------------------------------------------------------------------

3) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Denial of Service Vulnerabilities

CVE-2021-1573, CVE-2021-34704, CVE-2021-40118

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA

+--------------------------------------------------------------------

4) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Resource Exhaustion Denial of Service Vulnerability

CVE-2021-34792

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-Unk689XY

+--------------------------------------------------------------------

5) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Software-Based SSL/TLS Denial of Service Vulnerability

CVE-2021-34783

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M

+--------------------------------------------------------------------

6) Cisco Firepower Threat Defense Software SSH Connections Denial of
Service Vulnerability

CVE-2021-34781

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-rUDseW3r

+--------------------------------------------------------------------

7) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Transparent Mode Denial of Service Vulnerability

CVE-2021-34793

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-JxYWMJyL

+--------------------------------------------------------------------

8) Cisco Firepower Management Center Software Authenticated Directory
Traversal Vulnerability

CVE-2021-34762

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk

+--------------------------------------------------------------------

9) Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

CVE-2021-34752, CVE-2021-34755, CVE-2021-34756

SIR: High

CVSS Score v(3.1): 7.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8

+--------------------------------------------------------------------

10) Multiple Cisco Products Snort Memory Leak Denial of Service
Vulnerability

CVE-2021-40114

SIR: Medium

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

+--------------------------------------------------------------------

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Web Services Interface Cross-Site Scripting Vulnerability

CVE-2021-1444

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM

+--------------------------------------------------------------------

12) Cisco Firepower Threat Defense Software Ethernet Industrial Protocol
Policy Bypass Vulnerabilities

CVE-2021-34753, CVE-2021-34754

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP

+--------------------------------------------------------------------

13) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability

CVE-2021-40125

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-g4cmrr7C

+--------------------------------------------------------------------

14) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Application Level Gateway Bypass Vulnerabilities

CVE-2021-34790, CVE-2021-34791

SIR: Medium

CVSS Score v(3.1): 4.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

+--------------------------------------------------------------------

15) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Identity-Based Rule Bypass Vulnerability

CVE-2021-34787

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-ejjOgQEY

+--------------------------------------------------------------------

16) Cisco Firepower Management Center Software Cross-Site Scripting and
Open Redirect Vulnerabilities

CVE-2021-34763, CVE-2021-34764

SIR: Medium

CVSS Score v(3.1): 4.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-openredir-TVPMWJyg

+--------------------------------------------------------------------

17) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SNMP Access Control Vulnerability

CVE-2021-34794

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmpaccess-M6yOweq3

+--------------------------------------------------------------------

18) Cisco Firepower Threat Defense Software CLI Arbitrary File Write
Vulnerability

CVE-2021-34761

SIR: Medium

CVSS Score v(3.1): 4.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc

+--------------------------------------------------------------------

19) Cisco Firepower Management Center Software Configuration Information
Disclosure Vulnerabilities

CVE-2021-34750, CVE-2021-34751

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



