Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34794
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Firepower Threat Defense 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco Firepower Threat Defense(FTD)和Cisco Adaptive Security Appliances Software(ASA Software)存在安全漏洞,该漏洞源于访问控制无效。攻击者可以通过从 SNMPv3 访问控制列表不允许的主机向受影响的设备发送 SNMPv3 查询来利用此漏洞。成功的利用可能允许攻击者向受影响的设备发
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco Adaptive Security Appliance (ASA) Software n/a -
II. Public POCs for CVE-2021-34794
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-34794
Please Login to view more intelligence information
New Vulnerabilities
Product: Cisco Adaptive Security Appliance (ASA) Software
Vendor: Cisco
Same weakness: CWE-284
V. Comments for CVE-2021-34794

No comments yet

Leave a comment