CVE-2021-1236

Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

CVSS 4 MEDIUMEPSS 2.1%CWE-670

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

13 Jan 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected products

Cisco · Cisco Firepower Threat Defense Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq https://www.debian.org/security/2023/dsa-5354