Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cisco
  • 1100-4p Integrated Services Router
  • 1100-8p Integrated Services Router
  • 1101-4p Integrated Services Router
  • 1109-2p Integrated Services Router
  • 1109-4p Integrated Services Router
  • 1111x-8p Integrated Services Router
  • 4221 Integrated Services Router
  • 4321 Integrated Services Router
  • 4331 Integrated Services Router
  • 4351 Integrated Services Router
  • 4431 Integrated Services Router
  • 4451-x Integrated Services Router
  • 4461 Integrated Services Router
  • Csr 1000v
  • Firepower Management Center
  • Firepower Threat Defense
  • Ios Xe
  • Isa 3000
Snort
  • Snort

Configuration 1 [-]

OR cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2 cve-icon cve-icon
https://www.debian.org/security/2023/dsa-5354 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-01-13T21:16:48.777971Z

Updated: 2024-09-16T19:05:37.412Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1223

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-13T22:15:20.317

Modified: 2023-05-22T18:57:24.750

Link: CVE-2021-1223

cve-icon Redhat

No data.