VDB

CVE-2021-1493

CVE-2021-1493 PUBLISHED CVSS 8.5 HIGH

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition.

EPSS 0.61% · 70.1th percentile

Risk Scores

CVSS 3.1
8.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
EPSS Score
0.61%
70.1th percentile

Affected Products

VendorProductVersions
CiscoCisco Adaptive Security Appliance (ASA) Software*
ciscofirepower_threat_defense0, 6.5.0, 6.7.0
ciscoadaptive_security_appliance_software9.14, 9.8, 9.15

Exploit Intelligence

Timeline

  • Apr 29, 2021 CVE Published
  • Apr 30, 2021 EPSS Score
  • Jul 3, 2021 EPSS Score
  • Sep 3, 2021 EPSS Score
  • Nov 5, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Mar 9, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 11, 2022 EPSS Score
  • Sep 12, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›