CVE-2021-34790: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability (CVE-2021-34790) was discovered in the Session Initiation Protocol (SIP) Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software. This vulnerability, publicly discussed as NAT Slipstreaming, was disclosed on October 27, 2021, and affects multiple versions of Cisco ASA Software and FTD Software (Cisco Advisory).

The vulnerability stems from insufficient traffic validation for the SIP ALG, which is enabled by default. It has been assigned a CVSS Base Score of 4.7 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N. The vulnerability is tracked under Cisco Bug ID CSCvw35444 (Cisco Advisory).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. This could enable the attacker to undertake actions leveraging the compromised host (Cisco Advisory).

While there are no direct workarounds, Cisco has released software updates to address this vulnerability. As a mitigation, customers who do not need the SIP ALG may disable it to reduce the attack surface. This can be accomplished from the CLI for Cisco ASA Software or by using FlexConfig for Cisco FTD Software. Fixed releases include ASA Software versions 9.8.4.40, 9.12.4.18, 9.14.2.15, 9.15.1.15, and FTD Software versions 6.4.0.12, 6.6.5, and 6.7.0.2 (Cisco Advisory).