OpenCVE

Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Firepower Management Center Firepower Threat Defense

Configuration 1 [-]

OR	cpe:2.3:a:cisco:firepower_management_center:2.9.12:::::::*
	cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:::::::*
	cpe:2.3:a:cisco:firepower_management_center:2.9.16:::::::*
	cpe:2.3:a:cisco:firepower_management_center:2.9.17:::::::*
	cpe:2.3:a:cisco:firepower_management_center:2.9.18:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP

History

Thu, 07 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-10-27T18:55:11.850764Z

Updated: 2024-11-07T21:46:19.292Z

Reserved: 2021-06-15T00:00:00

Link: CVE-2021-34754

Vulnrichment

Updated: 2024-08-04T00:19:48.159Z

NVD

Status : Modified

Published: 2021-10-27T19:15:07.820

Modified: 2024-11-21T06:11:07.450

Link: CVE-2021-34754

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Firepower Threat Defense Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet."}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T18:55:11", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"}], "source": {"advisory": "cisco-sa-ftd-enip-bypass-eFsxd8KP", "defect": [["CSCvy02240"]], "discovery": "INTERNAL"}, "title": "Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-27T16:00:00", "ID": "CVE-2021-34754", "STATE": "PUBLIC", "TITLE": "Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Firepower Threat Defense Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet."}]}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "impact": {"cvss": {"baseScore": "5.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"}]}, "source": {"advisory": "cisco-sa-ftd-enip-bypass-eFsxd8KP", "defect": [["CSCvy02240"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:48.159Z"}, "title": "CVE Program Container", "references": [{"name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T21:44:35.126748Z", "id": "CVE-2021-34754", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T21:46:19.292Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-34754", "datePublished": "2021-10-27T18:55:11.850764Z", "dateReserved": "2021-06-15T00:00:00", "dateUpdated": "2024-11-07T21:46:19.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP", "name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:48.159Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-34754", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-07T21:44:35.126748Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T21:45:02.138Z"}}], "cna": {"title": "Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "source": {"defect": [["CSCvy02240"]], "advisory": "cisco-sa-ftd-enip-bypass-eFsxd8KP", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Firepower Threat Defense Software", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "datePublic": "2021-10-27T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP", "name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-10-27T18:55:11"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "5.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}}, "source": {"defect": [["CSCvy02240"]], "advisory": "cisco-sa-ftd-enip-bypass-eFsxd8KP", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Firepower Threat Defense Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP", "name": "20211027 Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-34754", "STATE": "PUBLIC", "TITLE": "Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-27T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-34754", "state": "PUBLISHED", "dateUpdated": "2024-11-07T21:46:19.292Z", "dateReserved": "2021-06-15T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-10-27T18:55:11.850764Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_management_center:2.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "22C4D542-9925-48F4-805D-FAAAE1498E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4ED9EFA4-D903-4F21-91CD-96E8D13B8EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "C96EC981-446D-4741-AEE0-F615A468A7FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:2.9.17:*:*:*:*:*:*:*", "matchCriteriaId": "163F6B90-2F10-40CC-897B-FB58FA4568FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_management_center:2.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "5C8E9BF1-2B66-419E-B4C2-5D605BF459EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F461B5-E600-4C81-BA3C-1DBC90D4D438", "versionEndExcluding": "6.4.0.13", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF402F7-DFC5-4A83-A209-9905AE54C49F", "versionEndExcluding": "6.6.5.1", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "98DEDDAB-B8C5-4753-A208-94638E694FC1", "versionEndExcluding": "6.7.0.3", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B2F537A-A488-45B6-AD4B-48B7064AE84C", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en la inspecci\u00f3n de la carga \u00fatil del tr\u00e1fico del Protocolo Industrial Ethernet (ENIP) para el software Cisco Firepower Threat Defense (FTD) podr\u00edan permitir a un atacante remoto no autenticado omitir las reglas configuradas para el tr\u00e1fico ENIP. Estas vulnerabilidades son debido al procesamiento incompleto durante la inspecci\u00f3n profunda de paquetes para los paquetes ENIP. Un atacante podr\u00eda explotar estas vulnerabilidades enviando un paquete ENIP dise\u00f1ado a la interfaz objetivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir el control de acceso configurado y las pol\u00edticas de intrusi\u00f3n que deber\u00edan activarse para el paquete ENIP"}], "id": "CVE-2021-34754", "lastModified": "2024-11-21T06:11:07.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-27T19:15:07.820", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}