#VU51250 Allocation of Resources Without Limits or Throttling in Sourcefire products - CVE-2021-1285
Published: March 8, 2021
Vulnerability identifier: #VU51250
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1285
CWE-ID: CWE-770
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco UTD Snort IPS Engine Software for IOS XE
Cisco UTD Engine for IOS XE SD-WAN
Cisco 1000 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Cloud Services Router 1000V Series
Integrated Services Virtual Routers
Snort
Cisco UTD Snort IPS Engine Software for IOS XE
Cisco UTD Engine for IOS XE SD-WAN
Cisco 1000 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Cloud Services Router 1000V Series
Integrated Services Virtual Routers
Snort
Software vendor:
Cisco Systems, Inc
Sourcefire
Cisco Systems, Inc
Sourcefire
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of error conditions when processing Ethernet frames. A remote attacker on the local network can send malicious Ethernet frames and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.