CVE-2021-1285

Summary

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco UTD SNORT IPS Engine Software16.12.3affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.5affected
CiscoCisco UTD SNORT IPS Engine Software16.12.4affected
CiscoCisco UTD SNORT IPS Engine Software17.3.1aaffected
CiscoCisco UTD SNORT IPS Engine Software16.6.6affected
CiscoCisco UTD SNORT IPS Engine Software16.12.2affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.6affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.3affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.7affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.2affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.4affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.4affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.3affected
CiscoCisco UTD SNORT IPS Engine Software16.6.5affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.5affected
CiscoCisco UTD SNORT IPS Engine Software17.2.1raffected
CiscoCisco UTD SNORT IPS Engine Software17.1.1affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.2affected
CiscoCisco UTD SNORT IPS Engine Software16.6.7aaffected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.4affected
CiscoCisco UTD SNORT IPS Engine Software16.6.1affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.9affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.3affected
CiscoCisco UTD SNORT IPS Engine Software16.12.1aaffected
CiscoCisco UTD SNORT IPS Engine Software17.3.2affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.7affected

Weaknesses

  • CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References