Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-40114 |
CWE-ID | CWE-401 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Snort - Server applications / IDS/IPS systems, Firewalls and proxy servers
Cisco Firepower Threat Defense (FTD) - Hardware solutions / Security hardware appliances
Cisco UTD Snort IPS Engine Software for IOS XE - Other software / Other software solutions
Cisco UTD Engine for IOS XE SD-WAN - Other software / Other software solutions
Vendor |
Sourcefire
Cisco Systems, Inc
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU57799
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-40114
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak while the Snort detection engine is processing ICMP packets. A remote attacker can send a specially crafted ICMP packet, force the application to leak memory and perform a denial of service attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Snort: 2.1.0 - 2.9.17.1
Cisco Firepower Threat Defense (FTD): 6.2.2 - 6.7.0
Cisco UTD Snort IPS Engine Software for IOS XE: 16.12 - 17.4
Cisco UTD Engine for IOS XE SD-WAN: 16.12 - 17.4
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.