CVE-2021-1494

Summary

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Firepower Threat Defense SoftwareN/Aaffected
CiscoCisco UTD SNORT IPS Engine Software16.12.1aaffected
CiscoCisco UTD SNORT IPS Engine Software16.12.2affected
CiscoCisco UTD SNORT IPS Engine Software16.12.3affected
CiscoCisco UTD SNORT IPS Engine Software16.12.4affected
CiscoCisco UTD SNORT IPS Engine Software16.6.1affected
CiscoCisco UTD SNORT IPS Engine Software16.6.5affected
CiscoCisco UTD SNORT IPS Engine Software16.6.6affected
CiscoCisco UTD SNORT IPS Engine Software16.6.7aaffected
CiscoCisco UTD SNORT IPS Engine Software16.6.9affected
CiscoCisco UTD SNORT IPS Engine Software17.1.1affected
CiscoCisco UTD SNORT IPS Engine Software17.2.1raffected
CiscoCisco UTD SNORT IPS Engine Software17.3.1aaffected
CiscoCisco UTD SNORT IPS Engine Software17.3.2affected
CiscoCisco UTD SNORT IPS Engine Software3.17.0Saffected
CiscoCisco UTD SNORT IPS Engine Software3.17.1Saffected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.2affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.4affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.6affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.3affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.7affected
CiscoCisco UTD SNORT IPS Engine SoftwareFuji-16.9.5affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.3affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.9affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.7affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.5affected
CiscoCisco UTD SNORT IPS Engine SoftwareDenali-16.3.4affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.3affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.4affected
CiscoCisco UTD SNORT IPS Engine SoftwareEverest-16.6.2affected

Weaknesses

  • CWE-693: Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References