CVE-2021-34783: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

CVE-2021-34783 is a high-severity vulnerability (CVSS 8.6) affecting Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software. The vulnerability was discovered by Sanmith Prakash of Cisco during internal security testing and was publicly disclosed on October 27, 2021. The issue exists in the software-based SSL/TLS message handler due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption (Cisco Advisory).

The vulnerability stems from insufficient validation of SSL/TLS messages during software-based SSL/TLS decryption operations. It affects ASA Software versions 9.16.1 and 9.16.1.28, as well as FTD Software 7.0.0, 7.0.01, and versions 6.3.0 and later (prior to the fixed release). The vulnerability is specifically triggered when devices are configured to process inbound SSL/TLS messages or have an active SSL Decryption Policy. Notably, Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability (Cisco Advisory).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This could significantly impact the availability of network security services provided by the affected devices (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available. For ASA Software, the fix was implemented in version 9.16.2, and for FTD Software, fixes were included in versions 6.4.0.13, 6.6.5, 6.7.0.3, and 7.0.1. Customers are advised to upgrade to the fixed versions (Cisco Advisory).