CVE-2021-34794

moderate-risk

Published 2021-10-27

A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.

Do I need to act?

0.68% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Firepower Threat Defense

Adaptive Security Appliance Software

Asa 5512-X Firmware

Asa 5505 Firmware

Asa 5515-X Firmware

Asa 5525-X Firmware

Asa 5545-X Firmware

Asa 5555-X Firmware

Affected Vendors

Cisco

References (2)

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-a...

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 2/34 · Minimal

Exposure 21/34 · High