#VU52752 Security features bypass in Sourcefire products - CVE-2021-1495
Published: April 29, 2021
Vulnerability identifier: #VU52752
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1495
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Firewall Threat Defense (FTD)
Cisco UTD Snort IPS Engine Software for IOS XE
Cisco UTD Engine for IOS XE SD-WAN
Open Source Snort 2
3000 Series Industrial Security Appliance (ISA)
Snort
Integrated Services Virtual Routers
Cloud Services Router 1000V Series
Catalyst 8500L Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8200 Series Edge Platforms
Catalyst 8000V Edge Software
4000 Series Integrated Services Routers
Cisco 1000 Series Integrated Services Routers
Software vendor:
Cisco Systems, Inc
Sourcefire
Description
The vulnerability allows a remote attacker to bypass a configured file policy for HTTP.
The vulnerability exists due to incorrect handling of specific HTTP header parameters. A remote attacker can send specially crafted HTTP packets to bypass a configured file policy for HTTP packets and deliver a malicious payload.
Remediation
Install updates from the vendor's website.