Improper access control in Cisco Adaptive Security Appliance and Firepower Threat Defense Software SNMP implementation

1) Improper access control

EUVDB-ID: #VU57768

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-34794

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality. A remote user can bypass implemented security restrictions and send an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ASA 5500-X Series Firewalls: All versions

Cisco Adaptive Security Appliance (ASA): before 9.15.1.7

Cisco Firepower Threat Defense (FTD): before 6.7.0.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-snmpaccess-M6yOweq3
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv49739
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw31710
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw51436

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.