CVE-2021-1422

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software version 9.16.1 Cisco Firepower Threat Defense (FTD) Software version 7.0.0

Description A vulnerability in the software cryptography module could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Successful exploitation of this vulnerability would not cause a compromise of any encrypted data.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software version 9.16.1, update to a newer version to mitigate the risk. For Cisco Firepower Threat Defense (FTD) Software version 7.0.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the IPsec connection to minimize the risk of exploitation.