October 27, 2021
Severity
Medium
Analysis Summary
CVE-2021-34753
Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by incomplete processing during deep packet inspection of ENIP packets. By sending a specially-crafted ENIP packet, an attacker could exploit this vulnerability to bypass configured access control and intrusion policies that should be activated for the ENIP packet.
CVE-2021-34754
Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by incomplete processing during deep packet inspection of ENIP packets. By sending a specially-crafted ENIP packet, an attacker could exploit this vulnerability to bypass configured access control and intrusion policies that should be activated for the ENIP packet.
CVE-2021-40125
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software are vulnerable to a denial of service, caused by improper control of a resource. By sending specially-crafted authenticated IKEv2 messages, a remote authenticated attacker could exploit this vulnerability to trigger a reload of the device.
CVE-2021-34761
Cisco Firepower Threat Defense (FTD) Software could allow a local authenticated attacker to bypass security restrictions, caused by improper validation of user input for a specific CLI command. By issuing a CLI command with specially-crafted parameters, an attacker could exploit this vulnerability to overwrite or append arbitrary data to system files using root-level privileges.
CVE-2021-34787
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper handling of network requests. By sending a specially-crafted network request, an attacker could exploit this vulnerability to bypass access control list (ACL) rules on the device.
CVE-2021-34793
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software are vulnerable to a denial of service, caused by improper handling of certain TCP segments when the affected device is operating in transparent mode. By sending a specially-crafted TCP segment, a remote attacker could exploit this vulnerability to poison the MAC address tables in adjacent devices, and cause a network disruption.
CVE-2021-40114
Multiple Cisco products are vulnerable to a denial of service, caused by improper memory resource management while the Snort detection engine is processing ICMP packets. By sending a series of ICMP packets, a remote attacker could exploit this vulnerability to exhaust resources, resulting in a denial of service condition.
CVE-2021-34790
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper traffic validation for the SIP ALG. By sending specially-crafted SIP traffic through the ALG to a host located behind the security device, an attacker could exploit this vulnerability to open unauthorized connections to the remote host and undertake actions leveraging that host.
CVE-2021-34791
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to bypass security restrictions, caused by improper traffic validation for the FTP ALG. By sending specially-crafted FTP traffic through the ALG to a host located behind the security device, an attacker could exploit this vulnerability to open unauthorized connections to the remote host and undertake actions leveraging that host.
CVE-2021-34794
Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted SNMPv3 query, an attacker could exploit this vulnerability to obtain SNMP data and use this information to launch further attacks against the affected system.
CVE-2021-34750
Cisco Firepower Management Center (FMC) Software could allow a remote authenticated attacker to obtain sensitive information, caused by improper encryption of sensitive information stored within the GUI configuration manager. By logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations, an attacker could exploit this vulnerability to view sensitive configuration parameters in clear text, and use this information to launch further attacks against the affected system.
CVE-2021-34751
Cisco Firepower Management Center (FMC) Software could allow a remote authenticated attacker to obtain sensitive information, caused by improper encryption of sensitive information stored within the GUI configuration manager. By logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations, an attacker could exploit this vulnerability to view sensitive configuration parameters in clear text, and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Denial of Service
- Information Disclosure
Affected Vendors
- Cisco
Affected Products
- Cisco Firepower Threat Defense (FTD) Software
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco 1000 Series Integrated Services Routers (ISRs)
- Cisco 4000 Series Integrated Services Routers (ISRs)
- Cisco Catalyst 8000V Edge Software
- Cisco Catalyst 8200 Series Edge Platforms
- Cisco Catalyst 8300 Series Edge Platforms
- Cisco Integrated Services Virtual (ISRv) Routers
- Cisco Cloud Services Routers 1000V Series
- Cisco Firepower Management Center (FMC) Software
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-34753