This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2017-05-03
Product Firepower Threat Defense Last view 2021-04-29
Version 6.2.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:firepower_threat_defense

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2021-04-29 CVE-2021-1504

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

7.5 2021-04-29 CVE-2021-1501

A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device.

5.3 2021-04-29 CVE-2021-1495

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

7.1 2021-04-29 CVE-2021-1493

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

6.7 2021-04-29 CVE-2021-1488

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS.

6.7 2021-04-29 CVE-2021-1476

A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.

7.8 2021-04-29 CVE-2021-1448

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

7.5 2021-04-29 CVE-2021-1445

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

8.6 2021-04-29 CVE-2021-1402

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload.

6 2021-04-29 CVE-2021-1256

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.

5.3 2021-01-13 CVE-2021-1224

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.

7.5 2021-01-13 CVE-2021-1223

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.

3.7 2020-10-21 CVE-2020-3585

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device

6.1 2020-10-21 CVE-2020-3583

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

6.1 2020-10-21 CVE-2020-3582

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

6.1 2020-10-21 CVE-2020-3581

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

6.1 2020-10-21 CVE-2020-3580

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

6.5 2020-10-21 CVE-2020-3578

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device.

7.4 2020-10-21 CVE-2020-3577

A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload.

8.6 2020-10-21 CVE-2020-3572

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device.

8.6 2020-10-21 CVE-2020-3571

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload.

5.8 2020-10-21 CVE-2020-3565

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped.

5.3 2020-10-21 CVE-2020-3564

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections.

8.6 2020-10-21 CVE-2020-3563

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded.

4.7 2020-10-21 CVE-2020-3561

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
18% (15) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
14% (12) CWE-20 Improper Input Validation
7% (6) CWE-693 Protection Mechanism Failure
7% (6) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
4% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (3) CWE-787 Out-of-bounds Write
3% (3) CWE-770 Allocation of Resources Without Limits or Throttling
3% (3) CWE-269 Improper Privilege Management
3% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (2) CWE-755 Improper Handling of Exceptional Conditions
2% (2) CWE-667 Insufficient Locking
2% (2) CWE-415 Double Free
2% (2) CWE-404 Improper Resource Shutdown or Release
2% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (2) CWE-116 Improper Encoding or Escaping of Output
1% (1) CWE-668 Exposure of Resource to Wrong Sphere
1% (1) CWE-613 Insufficient Session Expiration
1% (1) CWE-552 Files or Directories Accessible to External Parties
1% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
1% (1) CWE-347 Improper Verification of Cryptographic Signature
1% (1) CWE-332 Insufficient Entropy in PRNG
1% (1) CWE-326 Inadequate Encryption Strength
1% (1) CWE-287 Improper Authentication
1% (1) CWE-203 Information Exposure Through Discrepancy
1% (1) CWE-200 Information Exposure

Snort® IPS/IDS

Date Description
2020-12-08 Cisco ASA/FTD OSPF LLS denial of service attempt
RuleID : 56091 - Type : SERVER-OTHER - Revision : 2
2020-12-08 Cisco ASA/FTD OSPF LLS denial of service attempt
RuleID : 56090 - Type : SERVER-OTHER - Revision : 1
2020-12-08 Cisco ASA and FTD denial of service attempt
RuleID : 56089 - Type : SERVER-WEBAPP - Revision : 1
2020-12-08 Cisco ASA and FTD web services large file upload denial of service attempt
RuleID : 56087 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco ASA and FTD MGCP denial of service attempt
RuleID : 53871 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco ASA and FTD MGCP denial of service attempt
RuleID : 53870 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco ASA and FTD MGCP denial of service attempt
RuleID : 53869 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco ASA and FTD MGCP denial of service attempt
RuleID : 53868 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco ASA and FTD IPv6 DNS request stack buffer overflow attempt
RuleID : 53867 - Type : PROTOCOL-DNS - Revision : 1
2020-12-05 Cisco ASA and FTD directory traversal attempt
RuleID : 53851 - Type : SERVER-WEBAPP - Revision : 2
2020-12-05 Cisco ASA and FTD memory disclosure attempt
RuleID : 53850 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco ASA and FTD malformed OSPF denial of service attempt
RuleID : 53847 - Type : PROTOCOL-OTHER - Revision : 1
2019-01-15 SIP over SCTP wildcard VIA address attempt
RuleID : 48593 - Type : PROTOCOL-VOIP - Revision : 1
2018-12-04 SIP wildcard VIA address flood attempt
RuleID : 48265 - Type : PROTOCOL-VOIP - Revision : 2
2018-12-04 SIP wildcard VIA address flood attempt
RuleID : 48264 - Type : PROTOCOL-VOIP - Revision : 2
2020-12-05 Cisco Adaptive Security Appliance directory traversal attempt
RuleID : 46897 - Type : SERVER-WEBAPP - Revision : 1
2018-02-03 Cisco ASA alloc_ch connection string
RuleID : 45597 - Type : INDICATOR-SHELLCODE - Revision : 2
2018-02-03 Cisco ASA VPN aggregateAuthDataHandler double free attempt
RuleID : 45596 - Type : SERVER-OTHER - Revision : 3
2018-02-01 Cisco ASA VPN aggregateAuthDataHandler double free attempt
RuleID : 45575 - Type : SERVER-OTHER - Revision : 5
2014-01-10 SIP REGISTER flood attempt
RuleID : 20395 - Type : PROTOCOL-VOIP - Revision : 5
2014-01-10 SSH brute force login attempt
RuleID : 19559 - Type : INDICATOR-SCAN - Revision : 13
2014-01-10 SIP REGISTER flood attempt
RuleID : 19389 - Type : PROTOCOL-VOIP - Revision : 9
2014-01-10 HTTP request with negative Content-Length attempt
RuleID : 16195 - Type : SERVER-WEBAPP - Revision : 17

Nessus® Vulnerability Scanner

id Description
2018-11-08 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20181031-asaftd-sip-dos-asa.nasl - Type: ACT_GATHER_INFO
2018-11-08 Name: The packet inspection software installed on the remote host is affected by a ...
File: cisco-sa-20181031-asaftd-sip-dos-ftd.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote device is missing a vendor-supplied security patches.
File: cisco-sa-20181003-ftd-inspect-dos.nasl - Type: ACT_GATHER_INFO
2018-06-25 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180606-asa.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180418-asa1.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote device is missing a vendor-supplied security patch.
File: cisco_asa_cve-2018-0101_dos.nasl - Type: ACT_KILL_HOST
2018-02-06 Name: The packet inspection software installed on the remote host is affected by a ...
File: cisco-sa-20180129-asa1-ftd.nasl - Type: ACT_GATHER_INFO
2018-01-30 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20180129-asa1.nasl - Type: ACT_GATHER_INFO
2017-05-25 Name: The packet inspection software installed on the remote host is affected by a ...
File: cisco-sa-20170503-ftd.nasl - Type: ACT_GATHER_INFO
2017-05-25 Name: The packet inspection software installed on the remote host is affected by a ...
File: cisco-sa-20170517-fpwr.nasl - Type: ACT_GATHER_INFO