Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Cisco
  • Catalyst 8300-1n1s-6t
  • 111x Integrated Services Router
  • Catalyst 8300-2n2s-6t
  • Ios Xe
  • 4431 Integrated Services Router
  • 1100-4g\/6g Integrated Services Router
  • 1160 Integrated Services Router
  • Catalyst 8300-1n1s-4t2x
  • Catalyst 8500l
  • 1120 Integrated Services Router
  • C8200-1n-4t
  • 1101 Integrated Services Router
  • 3000 Integrated Services Router
  • 4461 Integrated Services Router
  • C8200l-1n-4t
  • 1109 Integrated Services Router
  • Catalyst 8300-2n2s-4t2x
  • 4331 Integrated Services Router
  • Firepower Threat Defense
  • 1111x Integrated Services Router
  • 4221 Integrated Services Router
Snort
  • Snort

Configuration 1 [-]

OR cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:3000_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c8200-1n-4t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c8200l-1n-4t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*
References
Link Resource
https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc Vendor Advisory
https://www.debian.org/security/2023/dsa-5354
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2021-04-29T00:00:00

Updated: 2023-02-19T00:00:00

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1495

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2021-04-29T18:15:09.430

Modified: 2023-11-07T03:28:25.833

Link: CVE-2021-1495

JSON object: View

cve-icon Redhat Information

No data.

CWE