CVE-2021-34794: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability (CVE-2021-34794) was discovered in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The vulnerability was first published on October 27, 2021, and was found during Cisco's internal security testing. This vulnerability affects Cisco ASA and Firepower Appliances running vulnerable releases of ASA Software or FTD Software with SNMPv3 access control configured (Cisco Advisory).

The vulnerability stems from ineffective access control in the SNMPv3 implementation. It has been assigned a CVSS base score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X) and is categorized under CWE-284. To determine if a system is vulnerable, administrators can run the 'show running-config snmp-server' CLI command and check for the presence of version 3 in the output (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to send an SNMP query to an affected device and retrieve information from the device. However, it's important to note that the attacker would need valid credentials to perform the SNMP query, even after bypassing the access control list (Cisco Advisory).

Cisco has released software updates to address this vulnerability. For ASA Software, versions 9.14.2.4 and 9.15.1.7 contain the fix. For FTD Software, versions 6.4.0.13, 6.6.5, and 6.7.0.1 include the necessary patches. There are no workarounds available for this vulnerability, and customers are advised to upgrade to a supported release that includes the fix (Cisco Advisory).