Security features bypass in Multiple Cisco Products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-1495 |
| CWE-ID | CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Firepower Threat Defense (FTD) Hardware solutions / Security hardware applicances Cisco UTD Snort IPS Engine Software for IOS XE Other software / Other software solutions Cisco UTD Engine for IOS XE SD-WAN Other software / Other software solutions Open Source Snort 2 Server applications / IDS/IPS systems, Firewalls and proxy servers 3000 Series Industrial Security Appliance (ISA) Server applications / IDS/IPS systems, Firewalls and proxy servers Snort Server applications / IDS/IPS systems, Firewalls and proxy servers Integrated Services Virtual Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cloud Services Router 1000V Series Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8500L Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8300 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8200 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8000V Edge Software Hardware solutions / Routers & switches, VoIP, GSM, etc 4000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 1000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor |
Cisco Systems, Inc Sourcefire |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU52752
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1495
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass a configured file policy for HTTP.
The vulnerability exists due to incorrect handling of specific HTTP header parameters. A remote attacker can send specially crafted HTTP packets to bypass a configured file policy for HTTP packets and deliver a malicious payload.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Firepower Threat Defense (FTD): - - 6.7.0
Cisco UTD Snort IPS Engine Software for IOS XE: - - 17.4
Cisco UTD Engine for IOS XE SD-WAN: - - 17.4
Open Source Snort 2: All versions
Integrated Services Virtual Routers: All versions
Cloud Services Router 1000V Series: All versions
Catalyst 8500L Series Edge Platforms: All versions
Catalyst 8300 Series Edge Platforms: All versions
Catalyst 8200 Series Edge Platforms: All versions
Catalyst 8000V Edge Software: All versions
4000 Series Integrated Services Routers: All versions
3000 Series Industrial Security Appliance (ISA): All versions
Cisco 1000 Series Integrated Services Routers: All versions
Snort: before 2.9.17.1
CPE2.3- cpe:2.3:h:cisco_systems:cisco_ftd:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_ftd:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_utd_snort_ips_engine_software_for_ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_utd_snort_ips_engine_software_for_ios_xe:16.12:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_utd_engine_for_ios_xe_sd-wan:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:open_source_snort_2:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:integrated_services_virtual_routers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cloud_services_router_1000v_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_8500l_series_edge_platforms:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_8300_series_edge_platforms:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_8200_series_edge_platforms:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_8000v_edge_software:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:4000_series_integrated_services_routers:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:3000_series_industrial_security_appliance_isa:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_1000_series_integrated_services_routers:*:*:*:*:*:*:*:*
- cpe:2.3:a:sourcefire:snort:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
