A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c | Vendor Advisory |
History
05 Aug 2022, 16:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
10 May 2021, 12:30
Type | Values Removed | Values Added |
---|---|---|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 7.8 v3 : 8.6 |
CPE | cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:* |
29 Apr 2021, 18:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-29 18:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-1402
Mitre link : CVE-2021-1402
CVE.ORG link : CVE-2021-1402
Products Affected
cisco
- isa_3000
- firepower_1120
- firepower_threat_defense
- firepower_1140
- firepower_2140
- asa_5545-x
- asa_5555-x
- firepower_threat_defense_virtual
- firepower_1010
- firepower_1150
- firepower_2110
- firepower_2130
- asa_5525-x
- firepower_2120
- asa_5512-x
- asa_5515-x