← Back

CVE-2021-34749

nvd nist
Published: Aug 18, 2021Modified: Nov 26, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

Affected (6)

Cisco
3 products
Firepower Management Center Virtual Appliance Firmware
Ironport Web Security Appliance
Secure Firewall Management Center
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Firepower Management Center Virtual Appliance Firmware
Version 6.6.0
Firepower Management Center Virtual Appliance Firmware
Version 6.7.0
Firepower Management Center Virtual Appliance Firmware
Version 7.0.0
Firepower Management Center Virtual Appliance Firmware
Version 7.1.0
Ironport Web Security Appliance
Version 14.5
Secure Firewall Management Center
Version 2.9.18

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: psirt@cisco.com
Source: psirt@cisco.com
PatchVendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.