PT-2021-4718 · Cisco · Cisco ASA, Cisco FTD

Published 2021-10-27 · Updated 2023-08-16 · CVE-2021-34791

CVSS v3.1

5.3 Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description

The issue is caused by incorrectly implemented security checks for standard elements in the File Transfer Protocol (FTP) and Network Address Translation (NAT) feature of the Application Layer Gateway (ALG) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. A remote attacker could bypass security restrictions and open unauthorized connections by sending specially crafted FTP traffic through the ALG. The vulnerabilities have been publicly discussed as NAT Slipstreaming.

Recommendations

For Cisco Adaptive Security Appliance (ASA) Software, update to a version that includes the fix for this issue.
For Cisco Firepower Threat Defense (FTD) Software, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the ALG to minimize the risk of exploitation.

Fix

Improperly Implemented Security Check for Standard

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-05424
CVE-2021-34791

Affected Products

Cisco ASA
Cisco FTD