Vulnerability Name:

CVE-2021-34794 (CCN-212262)

Assigned: 2021-10-27
Published: 2021-10-27
Updated: 2021-10-29
Summary: A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2021-34794

Source: XF
Type: UNKNOWN
cisco-cve202134794-info-disc(212262)

Source: CCN
Type: Cisco Security Advisory cisco-sa-asaftd-snmpaccess-M6yOweq3
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability

Source: CISCO
Type: Vendor Advisory
20211027 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:* (Version >= 9.14.0 and < 9.14.2.4)
  • OR cpe:/a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:* (Version >= 9.15.0 and < 9.15.1.7)
  • OR cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version >= 6.4.0 and < 6.4.0.13)
  • OR cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version >= 6.5.0 and < 6.6.5)
  • OR cpe:/a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* (Version >= 6.7.0 and < 6.7.0.1)

  • Configuration 2:
  • cpe:/o:cisco:asa_5512-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5512-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5512-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5512-x:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:cisco:asa_5505_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5505_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5505_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5505:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:cisco:asa_5515-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5515-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5515-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:cisco:asa_5525-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5525-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5525-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5525-x:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:cisco:asa_5545-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5545-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5545-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5545-x:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:cisco:asa_5555-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5555-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5555-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5555-x:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:cisco:asa_5580_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5580_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5580_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5580:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:cisco:asa_5585-x_firmware:009.014(001):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5585-x_firmware:099.015(001.033):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:asa_5585-x_firmware:099.016(001.216):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:asa_5585-x:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco adaptive security appliance *
    cisco adaptive security appliance *
    cisco firepower threat defense *
    cisco firepower threat defense *
    cisco firepower threat defense *
    cisco asa 5512-x firmware 009.014(001)
    cisco asa 5512-x firmware 099.015(001.033)
    cisco asa 5512-x firmware 099.016(001.216)
    cisco asa 5512-x -
    cisco asa 5505 firmware 009.014(001)
    cisco asa 5505 firmware 099.015(001.033)
    cisco asa 5505 firmware 099.016(001.216)
    cisco asa 5505 -
    cisco asa 5515-x firmware 009.014(001)
    cisco asa 5515-x firmware 099.015(001.033)
    cisco asa 5515-x firmware 099.016(001.216)
    cisco asa 5515-x -
    cisco asa 5525-x firmware 009.014(001)
    cisco asa 5525-x firmware 099.015(001.033)
    cisco asa 5525-x firmware 099.016(001.216)
    cisco asa 5525-x -
    cisco asa 5545-x firmware 009.014(001)
    cisco asa 5545-x firmware 099.015(001.033)
    cisco asa 5545-x firmware 099.016(001.216)
    cisco asa 5545-x -
    cisco asa 5555-x firmware 009.014(001)
    cisco asa 5555-x firmware 099.015(001.033)
    cisco asa 5555-x firmware 099.016(001.216)
    cisco asa 5555-x -
    cisco asa 5580 firmware 009.014(001)
    cisco asa 5580 firmware 099.015(001.033)
    cisco asa 5580 firmware 099.016(001.216)
    cisco asa 5580 -
    cisco asa 5585-x firmware 009.014(001)
    cisco asa 5585-x firmware 099.015(001.033)
    cisco asa 5585-x firmware 099.016(001.216)
    cisco asa 5585-x -
    cisco adaptive security appliance software -
    cisco firepower threat defense software *