Vulnerabilities > CVE-2021-1422 - Reachable Assertion vulnerability in Cisco products

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-617

NVD

Published: 2021-07-16

Updated: 2023-11-07

Summary

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Adaptive Security Appliance Software 9.16.1 Cisco Firepower Threat Defense 7.0.0.0	2
Application	Cisco Cisco Adaptive Security Virtual Appliance -	1
Hardware	Cisco Cisco Firepower 2100 - Cisco Firepower 2110 - Cisco Firepower 2120 - Cisco Firepower 2130 - Cisco Firepower 2140 - Cisco FTD Virtual -	6

Common Weakness Enumeration (CWE)

CWE-617 - Reachable Assertion

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC