Information disclosure in Sourcefire products - CVE-2021-34749

 

Information disclosure in Sourcefire products - CVE-2021-34749

Published: August 19, 2021


Vulnerability identifier: #VU55978
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-34749
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Sourcefire
Affected software:
3000 Series Industrial Security Appliance (ISA)
Cisco Web Security Appliance
Snort
Cisco Firewall Threat Defense (FTD)

Detailed vulnerability description

The vulnerability allows a remote attacker to exfiltrate data from a compromised host.

The vulnerability exists due to inadequate filtering of the SSL handshake in Server Name Identification (SNI) request filtering. A remote attacker can use data from the SSL client hello packet to communicate with an external server and gain access to sensitive information on the target system.


How to mitigate CVE-2021-34749

Install updates from vendor's website.

Sources