CVE-2021-1402

Description:
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.

CWE: CWE-119

CVSS score
CVSS 2: HIGH – 7.8 (Version: 2.0)
CVSS 3: HIGH – 8.6 (Version: 3.1)

Links:

NVD – CVE-2021-1402
CVE – CVE-2021-1402

Link (max. 20) Source Tags
20210428 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability CISCO Vendor Advisory Third Party Advisory
https://www.npmjs.com/package/systeminformation MISC Product Third Party Advisory Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f MISC Patch Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476 CONFIRM Third Party Advisory
https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524 MISC Patch Third Party Advisory

Source: NVD – CVE-2021-1402
Published: 2021-04-29T18:15Z, Last modified: 2021-05-10T12:30Z