CVE-2021-34790

MEDIUM

Cisco Adaptive Security Appliance and Firepower Threat Defense - Unauthenticated NAT ALG Security Bypass

Title source: llm

Description

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

Scores

CVSS v3 4.7

EPSS 0.0110

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358 CWE-20

Status published

Products (19)

cisco/adaptive_security_appliance < 9.8.4.40

cisco/adaptive_security_appliance_software 9.12.0 - 9.12.4.29

cisco/asa_5505_firmware 009.008

cisco/asa_5505_firmware 009.015

cisco/asa_5512-x_firmware 009.008

cisco/asa_5512-x_firmware 009.015

cisco/asa_5515-x_firmware 009.008

cisco/asa_5515-x_firmware 009.015

cisco/asa_5525-x_firmware 009.008

cisco/asa_5525-x_firmware 009.015

... and 9 more

Published Oct 27, 2021

Tracked Since Feb 18, 2026