#VU52752 Security features bypass in Cisco Systems, Inc Hardware solutions


Published: 2021-04-29

Vulnerability identifier: #VU52752

Vulnerability risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1495

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances
Cisco UTD Snort IPS Engine Software for IOS XE
Other software / Other software solutions
Cisco UTD Engine for IOS XE SD-WAN
Other software / Other software solutions
Open Source Snort 2
Server applications / IDS/IPS systems, Firewalls and proxy servers
3000 Series Industrial Security Appliance (ISA)
Server applications / IDS/IPS systems, Firewalls and proxy servers
Snort
Server applications / IDS/IPS systems, Firewalls and proxy servers
Integrated Services Virtual Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cloud Services Router 1000V Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8500L Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8300 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8200 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8000V Edge Software
Hardware solutions / Routers & switches, VoIP, GSM, etc
4000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco 1000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass a configured file policy for HTTP. 

The vulnerability exists due to incorrect handling of specific HTTP header parameters. A remote attacker can send specially crafted HTTP packets to bypass a configured file policy for HTTP packets and deliver a malicious payload. 

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.2.2, 6.2.3, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0

Cisco UTD Snort IPS Engine Software for IOS XE: 16.12 - 17.4

Cisco UTD Engine for IOS XE SD-WAN: 16.12 - 17.4

Open Source Snort 2: All versions

Integrated Services Virtual Routers: All versions

Cloud Services Router 1000V Series: All versions

Catalyst 8500L Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8000V Edge Software: All versions

4000 Series Integrated Services Routers: All versions

3000 Series Industrial Security Appliance (ISA): All versions

Cisco 1000 Series Integrated Services Routers: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Security features bypass in Multiple Cisco Products