CVE-2021-1495 - Vulnerability Details

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00136.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco Subscribe	1100-4g\/6g Integrated Services Router Subscribe 1101 Integrated Services Router Subscribe 1109 Integrated Services Router Subscribe 1111x Integrated Services Router Subscribe 111x Integrated Services Router Subscribe 1120 Integrated Services Router Subscribe 1160 Integrated Services Router Subscribe 3000 Integrated Services Router Subscribe 4221 Integrated Services Router Subscribe 4331 Integrated Services Router Subscribe 4431 Integrated Services Router Subscribe 4461 Integrated Services Router Subscribe C8200-1n-4t Subscribe C8200l-1n-4t Subscribe Catalyst 8300-1n1s-4t2x Subscribe Catalyst 8300-1n1s-6t Subscribe Catalyst 8300-2n2s-4t2x Subscribe Catalyst 8300-2n2s-6t Subscribe Catalyst 8500l Subscribe Firepower Threat Defense Subscribe Ios Xe Subscribe
Snort Subscribe	Snort Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:cisco:ios_xe::::::::
	cpe:2.3:a:snort:snort::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:3000_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:c8200-1n-4t:-:::::::*
	cpe:2.3:h:cisco:c8200l-1n-4t:-:::::::*
	cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::*
	cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::*
	cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::*
	cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::*
	cpe:2.3:h:cisco:catalyst_8500l:-:::::::*

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3317-1	snort security update
Debian DSA	DSA-5354-1	snort security update
EUVD	EUVD-2021-6962	Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
https://www.debian.org/security/2023/dsa-5354

History

Sat, 09 Nov 2024 00:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-04-29T17:31:20.004075Z

Updated: 2024-11-08T23:22:35.276Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1495

Vulnrichment

Updated: 2024-08-03T16:11:17.563Z

NVD

Status : Modified

Published: 2021-04-29T18:15:09.430

Modified: 2024-11-21T05:44:28.830

Link: CVE-2021-1495

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object