CVE-2021-40118

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:cisco:asa_5512-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:cisco:asa_5505_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:cisco:asa_5515-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:cisco:asa_5525-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:cisco:asa_5545-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:cisco:asa_5555-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:cisco:asa_5580_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:cisco:asa_5585-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*

History

16 Aug 2023, 16:17

Type Values Removed Values Added
First Time Cisco adaptive Security Appliance Software
CPE cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

05 Aug 2022, 11:51

Type Values Removed Values Added
CWE CWE-20 CWE-787

11 Jan 2022, 21:15

Type Values Removed Values Added
Summary Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

29 Oct 2021, 13:58

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.1
v3 : 7.5
CPE cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5585-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5515-x_firmware:009.015\(001.015\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.015\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5555-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5512-x_firmware:009.015\(001.016\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.016\(001\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5580_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5545-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5525-x_firmware:009.012\(004.024\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:asa_5505_firmware:009.016\(001\):*:*:*:*:*:*:*
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-KSqJAKPA - Vendor Advisory
CWE CWE-20

27 Oct 2021, 20:15

Type Values Removed Values Added
Summary Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

27 Oct 2021, 19:35

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-27 19:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-40118

Mitre link : CVE-2021-40118

CVE.ORG link : CVE-2021-40118


JSON object : View

Products Affected

cisco

  • firepower_threat_defense
  • adaptive_security_appliance
  • asa_5525-x_firmware
  • asa_5545-x
  • asa_5555-x
  • asa_5505
  • asa_5512-x_firmware
  • asa_5545-x_firmware
  • asa_5585-x_firmware
  • asa_5580
  • asa_5580_firmware
  • asa_5515-x_firmware
  • asa_5555-x_firmware
  • asa_5512-x
  • asa_5505_firmware
  • asa_5585-x
  • adaptive_security_appliance_software
  • asa_5525-x
  • asa_5515-x
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow