← Back

CVE-2021-1495

nvd nist
Published: Apr 29, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Affected (7)

Cisco
2 products
Firepower Threat Defense
Ios Xe
Snort
1 product
Snort
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Firepower Threat Defense
Before 6.4.0.12
Firepower Threat Defense
From 6.5.0 to 6.6.4
Firepower Threat Defense
From 6.7.0 to 6.7.0.2
Configuration B
4 vulnerable · 19 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
From 16.12 to 16.12.5
Ios Xe
From 17.1 to 17.3.3
Ios Xe
From 17.4 to 17.4.1
Snort
Before 2.9.17.1
Running on/withPlatform Versions
Cisco
1100 4g/6g Integrated Services Router
All versions
Cisco
1101 Integrated Services Router
All versions
Cisco
1109 Integrated Services Router
All versions
Cisco
1111x Integrated Services Router
All versions
Cisco
111x Integrated Services Router
All versions
Cisco
1120 Integrated Services Router
All versions
Cisco
1160 Integrated Services Router
All versions
Cisco
3000 Integrated Services Router
All versions
Cisco
4221 Integrated Services Router
All versions
Cisco
4331 Integrated Services Router
All versions
Cisco
4431 Integrated Services Router
All versions
Cisco
4461 Integrated Services Router
All versions
Cisco
C8200 1n 4t
All versions
Cisco
C8200l 1n 4t
All versions
Cisco
Catalyst 8300 1n1s 4t2x
All versions
Cisco
Catalyst 8300 1n1s 6t
All versions
Cisco
Catalyst 8300 2n2s 4t2x
All versions
Cisco
Catalyst 8300 2n2s 6t
All versions
Cisco
Catalyst 8500l
All versions

Related CWEs

CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (6)

Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.