Rewterz Threat Advisory – CVE-2021-34782 – Cisco DNA Center Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-34753 

Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by an incomplete processing during deep packet inspection for ENIP packets. By sending a specially-crafted ENIP packet, an attacker could exploit this vulnerability to bypass configured access control and intrusion policies that should be activated for the ENIP packet.

CVE-2021-34754 

Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by an incomplete processing during deep packet inspection for ENIP packets. By sending a specially-crafted ENIP packet, an attacker could exploit this vulnerability to bypass configured access control and intrusion policies that should be activated for the ENIP packet.

CVE-2021-40125 

Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software are vulnerable to a denial of service, caused by improper control of a resource. By sending specially-crafted authenticated IKEv2 messages, a remote authenticated attacker could exploit this vulnerability to trigger a reload of the device.

CVE-2021-34761 

Cisco Firepower Threat Defense (FTD) Software could allow a local authenticated attacker to bypass security restrictions, caused by improper validation of user input for a specific CLI command. By issuing a CLI command with specially-crafted parameters, an attacker could exploit this vulnerability to overwrite or append arbitrary data to system files using root-level privileges.

CVE-2021-34787 

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper handling of network requests. By sending a specially-crafted network request, an attacker could exploit this vulnerability to bypass access control list (ACL) rules on the device.

CVE-2021-34793 

Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software are vulnerable to a denial of service, caused by improper handling of certain TCP segments when the affected device is operating in transparent mode. By sending a specially-crafted TCP segment, a remote attacker could exploit this vulnerability to poison the MAC address tables in adjacent devices, and cause a network disruption.

CVE-2021-40114 

Multiple Cisco Products are vulnerable to a denial of service, caused by improper memory resource management while the Snort detection engine is processing ICMP packets. By sending a series of ICMP packets, a remote attacker could exploit this vulnerability to exhaust resources, and results in a denial of service condition.

CVE-2021-34790 

Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper traffic validation for the SIP ALG. By sending specially-crafted SIP traffic through the ALG to a host located behind the security device, an attacker could exploit this vulnerability to open unauthorized connections to the remote host and undertake actions leveraging that host.

CVE-2021-34791 

Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper traffic validation for the FTP ALG. By sending specially-crafted FTP traffic through the ALG to a host located behind the security device, an attacker could exploit this vulnerability to open unauthorized connections to the remote host and undertake actions leveraging that host.

CVE-2021-34794 

Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted SNMPv3 query, an attacker could exploit this vulnerability to obtain SNMP data information, and use this information to launch further attacks against the affected system.

CVE-2021-34750 

Cisco Firepower Management Center (FMC) software could allow a remote authenticated attacker to obtain sensitive information, caused by improper encryption of sensitive information stored within the GUI configuration manager. By logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations, an attacker could exploit this vulnerability to view sensitive configuration parameters in clear text, and use this information to launch further attacks against the affected system.

CVE-2021-34751 

Cisco Firepower Management Center (FMC) Software could allow a remote authenticated attacker to obtain sensitive information, caused by improper encryption of sensitive information stored within the GUI configuration manager. By logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations, an attacker could exploit this vulnerability to view sensitive configuration parameters in clear text, and use this information to launch further attacks against the affected system.

Impact

• Security Bypass
• Denial of Service
• Information Disclosure

Affected Vendors

• Cisco

Affected Products

• Cisco Firepower Threat Defense (FTD) Software
• Cisco Adaptive Security Appliance (ASA) Software
• Cisco 1000 Series Integrated Services Routers (ISRs)
• Cisco 4000 Series Integrated Services Routers (ISRs)
• Cisco Catalyst 8000V Edge Software
• Cisco Catalyst 8200 Series Edge Platforms
• Cisco Catalyst 8300 Series Edge Platforms
• Cisco Integrated Services Virtual (ISRv) Routers
• Cisco Cloud Services Routers 1000V Series
• Cisco Firepower Management Center (FMC) Software

Remediation

Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2021-34753