← volver
CVE-2021-1236

Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

CVSS 4 MEDIUMEPSS 2.1%CWE-670
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Productos afectados
Cisco · Cisco Firepower Threat Defense Software

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.debian.org/debian-lts-announce/2023/02/msg00011.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATqhttps://www.debian.org/security/2023/dsa-5354