#VU55978 Information disclosure in Sourcefire products - CVE-2021-34749

 


Published: August 19, 2021


Vulnerability identifier: #VU55978
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-34749
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
3000 Series Industrial Security Appliance (ISA)
Cisco Web Security Appliance
Snort
Cisco Firewall Threat Defense (FTD)
Software vendor:
Cisco Systems, Inc
Sourcefire

Description

The vulnerability allows a remote attacker to exfiltrate data from a compromised host.

The vulnerability exists due to inadequate filtering of the SSL handshake in the Server Name Identification (SNI) request filtering feature. A remote attacker can use data from the SSL client hello packet to communicate with an external server and gain access to sensitive information on the target system.


Remediation

Install updates from the vendor's website.
