CVE-2021-1402: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability (CVE-2021-1402) was discovered by Sanmith Prakash of Cisco during internal security testing and was publicly disclosed on April 28, 2021. The vulnerability affects various Cisco products running vulnerable releases of FTD Software with SSL decryption policy enabled, including 3000 Series Industrial Security Appliances, ASA 5500-X Series, Firepower 1000 and 2100 Series, and Firepower Threat Defense Virtual (Cisco Advisory).

The vulnerability stems from insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. The issue has been assigned a CVSS Base Score of 8.6 (High) with the vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability is specifically triggered by SSL/TLS messages sent through the affected device, while messages sent to the device do not trigger this vulnerability (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to cause a process crash, which would trigger a device reload. While the device will recover automatically after the reload without manual intervention, this could result in a denial of service condition affecting the availability of network services (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available. The fixed releases include version 6.4.0.12 (May 2021), 6.6.4, and 6.7.0.2. Users can upgrade using either the Firepower Management Center (FMC) interface or the Firepower Device Manager (FDM) interface, depending on their management setup. After installation, the access control policy must be reapplied (Cisco Advisory).