CVE-2021-34790

MEDIUM

Cisco ASA/FTD - Auth Bypass

Title source: llm

Description

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-natalg-bypass-cpKGqkng

Scores

CVSS v3 4.7

EPSS 0.0047

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358 CWE-20

Status published

Products (19)

cisco/adaptive_security_appliance < 9.8.4.40

cisco/adaptive_security_appliance_software 9.12.0 - 9.12.4.29

cisco/asa_5505_firmware 009.008

cisco/asa_5505_firmware 009.015

cisco/asa_5512-x_firmware 009.008

cisco/asa_5512-x_firmware 009.015

cisco/asa_5515-x_firmware 009.008

cisco/asa_5515-x_firmware 009.015

cisco/asa_5525-x_firmware 009.008

cisco/asa_5525-x_firmware 009.015

... and 9 more

Published Oct 27, 2021

Tracked Since Feb 18, 2026