Vulnerabilities related to cisco - firepower_threat_defense_virtual
Vulnerability from fkie_nvd
Published
2021-04-29 18:15
Modified
2024-11-21 05:44
Summary
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | firepower_threat_defense | * | |
cisco | firepower_threat_defense | * | |
cisco | firepower_threat_defense_virtual | - | |
cisco | asa_5512-x | - | |
cisco | asa_5515-x | - | |
cisco | asa_5525-x | - | |
cisco | asa_5545-x | - | |
cisco | asa_5555-x | - | |
cisco | firepower_1010 | - | |
cisco | firepower_1120 | - | |
cisco | firepower_1140 | - | |
cisco | firepower_1150 | - | |
cisco | firepower_2110 | - | |
cisco | firepower_2120 | - | |
cisco | firepower_2130 | - | |
cisco | firepower_2140 | - | |
cisco | isa_3000 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "0B60D48C-19D8-4015-8D25-D3C0165C6080", versionEndExcluding: "6.4.0", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "B5432C87-A9AF-4CC8-8573-443562963519", versionEndExcluding: "6.6.0", versionStartIncluding: "6.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*", matchCriteriaId: "A38E373E-438F-44F6-AABF-2C57142507EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", matchCriteriaId: "08F0F160-DAD2-48D4-B7B2-4818B2526F35", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", matchCriteriaId: "977D597B-F6DE-4438-AB02-06BE64D71EBE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", matchCriteriaId: "EB71EB29-0115-4307-A9F7-262394FD9FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", matchCriteriaId: "57179F60-E330-4FF0-9664-B1E4637FF210", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "5535C936-391B-4619-AA03-B35265FC15D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFE3880-4B85-4E23-9836-70875D5109F7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", matchCriteriaId: "727A02E8-40A1-4DFE-A3A2-91D628D3044F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", matchCriteriaId: "19F6546E-28F4-40DC-97D6-E0E023FE939B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", matchCriteriaId: "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", 
matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*", matchCriteriaId: "9510E97A-FD78-43C6-85BC-223001ACA264", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.", }, { lang: "es", value: "Una vulnerabilidad en el controlador de mensajes SSL/TLS basado en software del software Cisco Firepower Threat Defense (FTD) podría permitir a un atacante remoto no autenticado activar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a una comprobación insuficiente de los mensajes SSL/TLS cuando el dispositivo lleva a cabo el descifrado SSL basado en software. 
Un atacante podría explotar esta vulnerabilidad mediante el envío de un mensaje SSL/TLS diseñado por medio de un dispositivo afectado. Los mensajes SSL/TLS enviados a un dispositivo afectado no desencadenan esta vulnerabilidad. Una explotación con éxito podría permitir al atacante causar el bloqueo de un proceso. Este bloqueo podría entonces desencadenar una recarga del dispositivo. No es necesaria una intervención manual para recuperar el dispositivo después de la recarga", }, ], id: "CVE-2021-1402", lastModified: "2024-11-21T05:44:16.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2021-04-29T18:15:08.923", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-19 20:29
Modified
2024-11-21 03:37
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/103934 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1040722 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | Third Party Advisory, US Government Resource | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103934 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040722 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "64116F5B-671C-46DB-A78D-AB14AAF946FD", versionEndIncluding: "6.1.0.7", versionStartIncluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "BC8A9EB8-D0BF-453B-BB21-5EE5D8E29728", versionEndExcluding: "6.2.0.5", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "F78E5B29-1033-4151-A1C2-063D590C0B34", versionEndExcluding: "6.2.2.2", versionStartIncluding: "6.2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "1FA3D6C9-26CC-4E6C-A71A-C50119CC434B", versionEndExcluding: "9.6.4.6", versionStartIncluding: "9.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "EC4174F9-9031-437E-82DE-F58F35594ED0", versionEndExcluding: "9.7.1.24", versionStartIncluding: "9.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "5F0EB447-BAF2-4ED2-BE4A-02F7FE9E35EE", versionEndExcluding: "9.8.2.24", versionStartIncluding: "9.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "B68B0C20-2628-4355-A48F-619E755305DD", versionEndExcluding: "9.9.1.4", versionStartIncluding: "9.9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "E785C602-BE11-4FFC-A2A7-EC520E220C0F", vulnerable: false, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*", matchCriteriaId: "A38E373E-438F-44F6-AABF-2C57142507EE", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:7604:-:*:*:*:*:*:*:*", matchCriteriaId: "65973B50-2AA1-4B83-925A-8DB2D4720ADB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7606-s:-:*:*:*:*:*:*:*", matchCriteriaId: "25DD80A8-F664-4C30-A89F-C2299CCACB7E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7609-s:-:*:*:*:*:*:*:*", matchCriteriaId: "385DBA44-E84B-4752-8E8E-170EF13784D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7613-s:-:*:*:*:*:*:*:*", matchCriteriaId: "A1E30F72-0218-496D-BFAD-CED0AAC5E58E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5505:-:*:*:*:*:*:*:*", matchCriteriaId: "42EACCF8-8E5F-4227-9B09-9F3B40462B29", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4916B846-AEAD-4C06-9705-048627F27236", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*", matchCriteriaId: "931B9C8E-6AD7-4E05-8E48-27D3931DC8BB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5512-x:-:*:*:*:*:*:*:*", matchCriteriaId: "B202C089-E348-42E0-8818-BB3874B28AFD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5515-x:-:*:*:*:*:*:*:*", matchCriteriaId: "F449766B-F279-41B3-B0D6-049EF05B8DCE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5520:-:*:*:*:*:*:*:*", matchCriteriaId: "7293B424-1022-4013-8A5F-5A023D3DB181", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5540:-:*:*:*:*:*:*:*", matchCriteriaId: "A5FF447F-AE88-4B08-BDE8-26B642BEA80C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF47542-3C2E-4BDB-823F-9A901312C634", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "A567EFB6-9A19-4BC0-8EE2-6E2219D09961", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5585-x:-:*:*:*:*:*:*:*", matchCriteriaId: "70928713-E277-4707-9A8A-3438D1760ECE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*", matchCriteriaId: "763B801D-CA1E-4C56-8B06-3373EA307C7E", 
vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*", matchCriteriaId: "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*", matchCriteriaId: "92AE506A-E710-465B-B795-470FDE0E0ECA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", matchCriteriaId: "B091B9BA-D4CA-435B-8D66-602B45F0E0BD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*", matchCriteriaId: "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", matchCriteriaId: "EB71EB29-0115-4307-A9F7-262394FD9FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", matchCriteriaId: "E6287D95-F564-44B7-A0F9-91396D7C2C4E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "5535C936-391B-4619-AA03-B35265FC15D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*", matchCriteriaId: "15B48565-92C7-4AE1-AE3A-6FF7DD010745", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*", matchCriteriaId: "F202892E-2E58-4D77-B983-38AFA51CDBC6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*", matchCriteriaId: "0BE25114-ABBC-47A0-9C20-E8D40D721313", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*", matchCriteriaId: "FADD5F49-2817-40EC-861C-C922825708BD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*", matchCriteriaId: "E628F9C4-98C6-4A95-AF81-F1E6A56E8648", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFF899C-1EB3-46D8-9003-EA36A68C90B3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*", matchCriteriaId: "E6463491-F63E-44CB-A1D4-C029BE7D3D3D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*", matchCriteriaId: "D8668D34-096B-4FC3-B9B1-0ECFD6265778", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", matchCriteriaId: "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", matchCriteriaId: "38AE6DC0-2B03-4D36-9856-42530312CC46", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", matchCriteriaId: "3DB2822B-B752-4CD9-A178-934957E306B4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", matchCriteriaId: "65378F3A-777C-4AE2-87FB-1E7402F9EA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa-3000-2c2f:-:*:*:*:*:*:*:*", matchCriteriaId: "646795EF-D545-44FE-ADD9-E950783CF976", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa-3000-4c:-:*:*:*:*:*:*:*", matchCriteriaId: "A81184F2-631A-46FA-AB96-2B2D20FBEC8D", vulnerable: false, }, ], negate: false, operator: "OR", }, 
], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, { lang: "es", value: "Múltiples vulnerabilidades en la característica Application Layer Protocol de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podrían permitir que un atacante remoto no autenticado desencadene una recarga del dispositivo afectado, lo que resulta en una denegación de servicio (DoS). Las vulnerabilidades se deben a errores de lógica durante la inspección de tráfico. Un atacante podría explotar estas vulnerabilidades enviando un gran volumen de tráfico malicioso a través de un dispositivo afectado. 
Su explotación podría permitir que el atacante provoque una condición de deadlock, lo que resulta en la recarga del dispositivo afectado. Estas vulnerabilidades afectan a las versiones de Cisco ASA Software y Cisco FTD Software configuradas para la inspección de Application Layer Protocol en los siguientes productos de Cisco: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module y FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], id: "CVE-2018-0240", lastModified: "2024-11-21T03:37:47.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-19T20:29:00.817", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://www.securityfocus.com/bid/103934", }, { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040722", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-1402
Vulnerability from cvelistv5
Published
2021-04-29 17:15
Modified
2024-11-08 23:25
Summary
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version |
---|---|---|
Cisco | Cisco Firepower Threat Defense Software | n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:11:16.984Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210428 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1402", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:02:25.729317Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T23:25:17.062Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Firepower Threat Defense Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-04-28T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. 
No manual intervention is needed to recover the device after the reload.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-29T17:15:17", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210428 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", }, ], source: { advisory: "cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", defect: [ [ "CSCvo46649", ], ], discovery: "INTERNAL", }, title: "Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-04-28T16:00:00", ID: "CVE-2021-1402", STATE: "PUBLIC", TITLE: "Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Firepower Threat Defense Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: 
"eng", value: "A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.6", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20210428 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", }, ], }, source: { advisory: "cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c", defect: [ [ "CSCvo46649", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1402", datePublished: "2021-04-29T17:15:17.610491Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-08T23:25:17.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0240
Vulnerability from cvelistv5
Published
2018-04-19 20:00
Modified
2024-11-29 15:17
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.
References
URL | Tags |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1040722 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/103934 | vdb-entry, x_refsource_BID |
https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Cisco Adaptive Security Appliance | Cisco Adaptive Security Appliance |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:14.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103934", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0240", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:44:25.368518Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T15:17:08.486Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Adaptive Security Appliance", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Adaptive Security Appliance", }, ], }, ], datePublic: "2018-04-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. 
An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-399", description: "CWE-399", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-05T17:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103934", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0240", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Adaptive Security Appliance", version: { version_data: [ { version_value: "Cisco Adaptive Security Appliance", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the 
Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). 
Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-399", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", refsource: "BID", url: "http://www.securityfocus.com/bid/103934", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0240", datePublished: "2018-04-19T20:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T15:17:08.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }