The following table lists Cisco products that are affected by the vulnerabilities that are described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
| Product | Cisco Bug ID | Fixed Release Availability |
|---|---|---|
| Cisco Adaptive Security Appliance (ASA) Software Affected features: Clientless WebVPN and AnyConnect VPN (only when SSO is enabled) |
CSCvx73164 | 9.8.4.38 (Jun 2021) 9.12.4.24 (available) 9.14.3 (Jun 2021) 9.15.1.15 (available) 9.16.1.3 (available) |
| Cisco Content Security Management Appliance (SMA) Affected feature: Web-based management interface (only when SSO is enabled) |
CSCvx73156 | 13.8.1 (available) 14.1.0 (Jul 2021) |
| Cisco Email Security Appliance (ESA) Affected feature: Web-based management interface (only when SSO is enabled) |
CSCvx73154 | 14.0.0-692 GD (available) |
| Cisco FXOS Software | CSCvx73164 | 2.2.2.149 (Jul 2021) 2.3.1.216 (Jul 2021) 2.6.1.230 (Jul 2021) 2.7.1.143 (available) 2.8.1.152 (available) 2.9.1.143 (available) |
|
Cisco Web Security Appliance (WSA) |
CSCvx73157 | 14.0.1 (Sep 2021) |
|
Cisco Firepower Threat Defense (FTD) Software |
CSCvx73164 | 6.4.0.12 (available) 6.6.5 (Jul 2021) 6.7.0.2 (available) 7.0.0 (available) |
| Cisco Prime Collaboration Assurance | CSCvx73162 | 12.1 SP4 ES (TBD) |
1. The AnyConnect VPN is configurable only through FlexConfig for Cisco FTD releases earlier than Release 6.7.
The Cisco software releases listed in the following table have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
| Cisco Software | End-of-Life Releases |
|---|---|
| ASA Software | 9.7 and earlier 9.9 9.10 9.13 |
| FXOS Software | 2.4.1 2.7.1 |
| FTD Software | 6.0.1 and earlier 6.2.0 6.2.1 6.5 |
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following products and services:
Network and Content Security Devices
- Cisco AMP Virtual Private Cloud Appliance
Network Management and Provisioning
- Cisco Prime Collaboration Provisioning
Unified Computing
- Cisco UCS B-Series M5 Blade Servers
- Cisco UCS C-Series M5 Rack Servers – Managed
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco Video Surveillance Media Server
- Cisco Video Surveillance Operations Manager
- Cisco Vision Dynamic Signage Director
