CVE-2021-1493

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

CVSS v3 7.1 HIGH
CVSS v2.0 7.5 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:C

Exploitability : 8.0 / Impact : 7.8

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

History

16 Aug 2023, 16:18

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:adaptive_security_appliance::::::::	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
First Time		Cisco adaptive Security Appliance Software

09 May 2021, 03:33

Type	Values Removed	Values Added
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG - Vendor Advisory
CPE		cpe:2.3:a:cisco:firepower_threat_defense:::::::: cpe:2.3:a:cisco:adaptive_security_appliance::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 7.1

29 Apr 2021, 18:48

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-04-29 18:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-1493

Mitre link : CVE-2021-1493

CVE.ORG link : CVE-2021-1493

JSON object : View

Products Affected

cisco

adaptive_security_appliance_software
firepower_threat_defense

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-1493

7.1^/10

7.5^/10

Attach tags to `CVE-2021-1493`