cvelistv5 - cve-2021-1236

cve-2021-1236

Vulnerability from cvelistv5

Published

2021-01-13 21:17

Modified

2024-09-16 19:25

Severity

4.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

References

Source	URL	Tags
ykramarz@cisco.com	https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq	Vendor Advisory
ykramarz@cisco.com	https://www.debian.org/security/2023/dsa-5354

Impacted products

Vendor	Product
Cisco	Cisco Firepower Threat Defense Software

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:56.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210113 Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
          },
          {
            "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
          },
          {
            "name": "DSA-5354",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5354"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-19T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210113 Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
        },
        {
          "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
        },
        {
          "name": "DSA-5354",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5354"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snort-app-bypass-cSBYCATq",
        "defect": [
          [
            "CSCvs85467",
            "CSCvu21318"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1236",
    "datePublished": "2021-01-13T21:17:03.406091Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-09-16T19:25:21.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1236\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-01-13T22:15:20.583\",\"lastModified\":\"2023-05-22T18:57:24.750\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples productos de Cisco est\u00e1n afectados por una vulnerabilidad en el motor de detecci\u00f3n de aplicaciones de Snort que podr\u00eda permitir a un atacante remoto no autenticado omitir las pol\u00edticas configuradas en un sistema afectado.\u0026#xa0;La vulnerabilidad es debido a un fallo en el algoritmo de detecci\u00f3n.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes dise\u00f1ados que fluir\u00edan a trav\u00e9s de un sistema afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir las pol\u00edticas configuradas y entregar una carga \u00fatil maliciosa a la red protegida.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.4.1\",\"matchCriteriaId\":\"72B91784-38A9-4A2A-AA92-8AB558924BBD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D2305B-B69E-4F74-A44E-07B3205CE9F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26DD41B3-1D1D-44D3-BA8E-5A66AFEE77E6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAD4397-6DCF-493A-BD61-3A890F6F3AB2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2F0A8E-97F6-41AC-BE67-4B2D60F9D36B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9229F3-7BCE-46C4-9879-D57B5BAAE44E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A606FE-E6F1-43F9-B1CD-D9DF35FC3573\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C8AED7C-DDA3-4C29-BB95-6518C02C551A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9421DBEF-AE42-4234-B49F-FCC34B804D7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5419CB9F-241F-4431-914F-2659BE27BEA5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5720462A-BE6B-4E84-A1A1-01E80BBA86AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"818CEFA6-208C-43C3-8E43-474A93ADCF21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B60888-6E2B-494E-AC65-83337661EE7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8B0B49-2C99-410B-B011-5B821C5992FB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9510E97A-FD78-43C6-85BC-223001ACA264\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED9EFA4-D903-4F21-91CD-96E8D13B8EC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_management_center:2.9.14.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5397463D-13E1-472C-B543-3CC396A77BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C53AE9E8-F123-42ED-BB8D-AC625E998951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C96EC981-446D-4741-AEE0-F615A468A7FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_management_center:2.9.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163F6B90-2F10-40CC-897B-FB58FA4568FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5.0.5\",\"matchCriteriaId\":\"4AFD5C16-FA94-4FDA-9378-F93661419098\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.9.14\",\"matchCriteriaId\":\"0ADB3B5E-B17C-4D12-9ABE-1817CED279B2\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5354\",\"source\":\"ykramarz@cisco.com\"}]}}"
  }
}

cisco-sa-snort-app-bypass-csbycatq

Vulnerability from csaf_cisco

Published

2021-01-13 16:00

Modified

2022-05-16 18:45

Summary

Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

Notes

Summary

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Vulnerable Products

At the time of publication, this vulnerability affected all open source Snort project releases earlier than Release 2.9.14. For more information, see the Snort website ["https://www.snort.org/"]. At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco software: 3000 Series Industrial Security Appliances (ISAs) Firepower Threat Defense (FTD) Software At the time of publication, this vulnerability affected the following Cisco products if they were running a release earlier than the first fixed release of Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software. Note: UTD is not installed on these devices by default. If the UTD file is not installed, the device is not vulnerable. 1000 Series Integrated Services Routers (ISRs) 4000 Series Integrated Services Routers (ISRs) Cloud Services Router 1000V Integrated Services Virtual Router (ISRv) For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Determine Whether UTD is Enabled To determine whether UTD is enabled on a device, issue the show utd engine standard status command and check for a Yes under Running. If there is no output, the device is not affected. The following output example shows a device that has UTD enabled: Router# show utd engine standard status Engine version : 1.0.19_SV2.9.16.1_XE17.3 Profile : Cloud-Low System memory : Usage : 6.00 % Status : Green Number of engines : 1 Engine Running Health Reason =========================================== Engine(#1): Yes Green None ======================================================= . . .

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Adaptive Security Appliance (ASA) Software Firepower Management Center (FMC) Software Meraki Security Appliances

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, Cisco Firepower Threat Defense (FTD) releases 6.5.0.5 and later contained the fix for this vulnerability. At the time of publication, Cisco UTD Snort IPS Engine Software for IOS XE 17.4.11 contained the fix for this vulnerability. At the time of publication, the open source Snort project release 2.9.14.10 and later contained the fix for this vulnerability. For more information, see the Snort website ["https://www.snort.org/"]. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. 1. Starting in 17.2.1, IOS XE and IOS XE SD-WAN use the same image file.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found during the resolution of a Cisco TAC support case.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found during the resolution of a Cisco TAC support case."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system.\r\n\r\nThe vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "At the time of publication, this vulnerability affected all open source Snort project releases earlier than Release 2.9.14. For more information, see the Snort website [\"https://www.snort.org/\"].\r\n\r\nAt the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco software:\r\n\r\n3000 Series Industrial Security Appliances (ISAs)\r\nFirepower Threat Defense (FTD) Software\r\n\r\nAt the time of publication, this vulnerability affected the following Cisco products if they were running a release earlier than the first fixed release of Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software. Note: UTD is not installed on these devices by default. If the UTD file is not installed, the device is not vulnerable.\r\n\r\n1000 Series Integrated Services Routers (ISRs)\r\n4000 Series Integrated Services Routers (ISRs)\r\nCloud Services Router 1000V\r\nIntegrated Services Virtual Router (ISRv)\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n  Determine Whether UTD is Enabled\r\nTo determine whether UTD is enabled on a device, issue the show utd engine standard status command and check for a Yes under Running. If there is no output, the device is not affected. The following output example shows a device that has UTD enabled:\r\n\r\n\r\nRouter# show utd engine standard status\r\nEngine version       : 1.0.19_SV2.9.16.1_XE17.3\r\nProfile              : Cloud-Low\r\nSystem memory        :\r\nUsage  : 6.00 %\r\nStatus : Green\r\nNumber of engines    : 1\r\nEngine        Running    Health     Reason\r\n===========================================\r\nEngine(#1):   Yes        Green      None\r\n=======================================================\r\n.\r\n.\r\n.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nAdaptive Security Appliance (ASA) Software\r\nFirepower Management Center (FMC) Software\r\nMeraki Security Appliances",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n      Fixed Releases\r\nAt the time of publication, Cisco Firepower Threat Defense (FTD) releases 6.5.0.5 and later contained the fix for this vulnerability.\r\n\r\nAt the time of publication, Cisco UTD Snort IPS Engine Software for IOS XE 17.4.11 contained the fix for this vulnerability.\r\n\r\nAt the time of publication, the open source Snort project release 2.9.14.10 and later contained the fix for this vulnerability. For more information, see the Snort website [\"https://www.snort.org/\"].\r\n\r\nSee the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.\r\n\r\n1. Starting in 17.2.1, IOS XE and IOS XE SD-WAN use the same image file.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found during the resolution of a Cisco TAC support case.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Snort website",
        "url": "https://www.snort.org/"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      }
    ],
    "title": "Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2022-05-16T18:45:16+00:00",
      "generator": {
        "date": "2024-05-10T22:57:51+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-snort-app-bypass-cSBYCATq",
      "initial_release_date": "2021-01-13T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2021-01-13T15:13:25+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2021-11-12T21:04:10+00:00",
          "number": "1.1.0",
          "summary": "Updated vulnerability information for Cisco UTD Engine requirements."
        },
        {
          "date": "2022-05-16T18:45:16+00:00",
          "number": "1.2.0",
          "summary": "Added instructions to determine whether UTD is enabled and running."
        }
      ],
      "status": "final",
      "version": "1.2.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Firepower Threat Defense Software",
            "product": {
              "name": "Cisco Firepower Threat Defense Software ",
              "product_id": "CSAFPID-220203"
            }
          },
          {
            "category": "product_family",
            "name": "Cisco UTD SNORT IPS Engine Software",
            "product": {
              "name": "Cisco UTD SNORT IPS Engine Software ",
              "product_id": "CSAFPID-279755"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-1236",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCvu21318"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCvs85467"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-279755",
          "CSAFPID-220203"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-220203",
            "CSAFPID-279755"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-279755",
            "CSAFPID-220203"
          ]
        }
      ],
      "title": "Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability"
    }
  ]
}

var-202101-1010

Vulnerability from variot

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. plural Cisco The product is always vulnerable to improper control flow implementation.Information may be tampered with. Cisco RV110W, etc. are all routers of Cisco (Cisco). The following products and versions are affected: Cisco RV110W, Cisco RV130, Cisco RV130W, Cisco RV215W. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5354-1 security@debian.org https://www.debian.org/security/ Markus Koschany February 18, 2023 https://www.debian.org/security/faq

Package : snort CVE ID : CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114 Debian Bug : 1021276

Multiple security vulnerabilities were discovered in snort, a flexible Network Intrusion Detection System, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or bypass filtering technology on an affected device and ex-filtrate data from a compromised host.

For the stable distribution (bullseye), these problems have been fixed in version 2.9.20-0+deb11u1.

We recommend that you upgrade your snort packages.

For the detailed security status of snort please refer to its security tracker page at: https://security-tracker.debian.org/tracker/snort

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmPw/Y5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQRrA/9EQ9kF1LT2fYUGFMyKeCQQFTB8tfIsyz2VUrGUtWlVDKsDVqfEMWa6Zwx rAaFnAPOBi1KNX1laencuphuiDIxLmvA0ShpHKo/R3vY4WXmNwJMjPWNr82oTw8j CEggyfj9i5V1EwZZi0B3L4WP1pCQcJRN6XVB3FJWZScyQFtRH0xO7l9acIV68lTs 9hGDDe2wn5ufHh0sXskZitgYoXfdHjjl3CzFxrmGGDq9KFr8rDIEUnZrm58DCRNL RkDmvxrEEsXGmzQlhT/2ea88aIXgNM4xnDztr3iV1v8JOMb6BwehrH43NgdDb5V8 6xBcHuXOLNI75mca1TQxwUd8PSNo3YK60IbDC2ztcUIIvl1xk8bDFyABb3gKvGoR izKFYej4hNeZb+0HWHsnO9vvP4t6LkKF/iIGNNVNmA9ZJA94ESCfItSozIITqRE2 sJQ43X9uQhX2p/dfeyNoOJDhie0RyZyg0rPxIDNonP1YJ8kTjMMHnRNqGn9MkVYK bNr1/sdLhH0TXvs5XoL9b9YjUPL67hDHL9bHLByOKNSxXrth+TcqFX+eg7Bztn1A vS4Sc2TWCuBa3jdrS9WJiy58aB1sTABRhN+tY4wVs+A9vIr1dKHn4wsB8axmpYDW cyzVbz9Q+fC+gXwDusZccBqfD7rByEFWXflBFI4PDXRrW+NPy8w\xdb5k -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1010",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios xe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.4.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.14.0"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.16"
      },
      {
        "model": "firepower threat defense",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.5.0.5"
      },
      {
        "model": "snort",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "snort",
        "version": "2.9.14"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.14.14"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.15"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.17"
      },
      {
        "model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco firepower management center",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "snort",
        "scope": null,
        "trust": 0.8,
        "vendor": "snort",
        "version": null
      },
      {
        "model": "cisco ios xe",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.14.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5.0.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171060"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-1236",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-1236",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-374290",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-1236",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1236",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2021-1236",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-964",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-374290",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1236",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. plural Cisco The product is always vulnerable to improper control flow implementation.Information may be tampered with. Cisco RV110W, etc. are all routers of Cisco (Cisco). The following products and versions are affected: Cisco RV110W, Cisco RV130, Cisco RV130W, Cisco RV215W. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5354-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nFebruary 18, 2023                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : snort\nCVE ID         : CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224\n                 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749\n                 CVE-2021-40114\nDebian Bug     : 1021276\n\nMultiple security vulnerabilities were discovered in snort, a flexible Network\nIntrusion Detection System, which could allow an unauthenticated, remote\nattacker to cause a denial of service (DoS) condition or bypass filtering\ntechnology on an affected device and ex-filtrate data from a compromised host. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.9.20-0+deb11u1. \n\nWe recommend that you upgrade your snort packages. \n\nFor the detailed security status of snort please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/snort\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmPw/Y5fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQRrA/9EQ9kF1LT2fYUGFMyKeCQQFTB8tfIsyz2VUrGUtWlVDKsDVqfEMWa6Zwx\nrAaFnAPOBi1KNX1laencuphuiDIxLmvA0ShpHKo/R3vY4WXmNwJMjPWNr82oTw8j\nCEggyfj9i5V1EwZZi0B3L4WP1pCQcJRN6XVB3FJWZScyQFtRH0xO7l9acIV68lTs\n9hGDDe2wn5ufHh0sXskZitgYoXfdHjjl3CzFxrmGGDq9KFr8rDIEUnZrm58DCRNL\nRkDmvxrEEsXGmzQlhT/2ea88aIXgNM4xnDztr3iV1v8JOMb6BwehrH43NgdDb5V8\n6xBcHuXOLNI75mca1TQxwUd8PSNo3YK60IbDC2ztcUIIvl1xk8bDFyABb3gKvGoR\nizKFYej4hNeZb+0HWHsnO9vvP4t6LkKF/iIGNNVNmA9ZJA94ESCfItSozIITqRE2\nsJQ43X9uQhX2p/dfeyNoOJDhie0RyZyg0rPxIDNonP1YJ8kTjMMHnRNqGn9MkVYK\nbNr1/sdLhH0TXvs5XoL9b9YjUPL67hDHL9bHLByOKNSxXrth+TcqFX+eg7Bztn1A\nvS4Sc2TWCuBa3jdrS9WJiy58aB1sTABRhN+tY4wVs+A9vIr1dKHn4wsB8axmpYDW\ncyzVbz9Q+fC+gXwDusZccBqfD7rByEFWXflBFI4PDXRrW+NPy8w\\xdb5k\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "PACKETSTORM",
        "id": "171060"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1236",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0140",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1047",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0140.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2420",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0833",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "171060",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-374290",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "PACKETSTORM",
        "id": "171060"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "id": "VAR-202101-1010",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:24:12.145000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page Cisco Systems Cisco\u00a0Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://www.snort.org/"
      },
      {
        "title": "Cisco Various product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=139070"
      },
      {
        "title": "Cisco: Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-snort-app-bypass-csbycatq"
      },
      {
        "title": "Debian Security Advisories: DSA-5354-1 snort -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6ecec49445da07dca8fb53a5a107855c"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-1236 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-670",
        "trust": 1.1
      },
      {
        "problemtype": "Always improper control flow implementation (CWE-670) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snort-app-bypass-csbycatq"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2023/dsa-5354"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1236"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0140/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0833"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1047"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-ios-xe-ingress-filtrering-bypass-via-snort-detection-bypass-36893"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2420"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0140.2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/670.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2021-1236"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3299"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1223"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3315"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/snort"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1224"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "PACKETSTORM",
        "id": "171060"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "db": "PACKETSTORM",
        "id": "171060"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "date": "2021-01-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "date": "2021-09-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "date": "2023-02-20T16:53:59",
        "db": "PACKETSTORM",
        "id": "171060"
      },
      {
        "date": "2021-01-13T22:15:20.583000",
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "date": "2021-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-374290"
      },
      {
        "date": "2023-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1236"
      },
      {
        "date": "2021-09-22T08:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      },
      {
        "date": "2023-05-22T18:57:24.750000",
        "db": "NVD",
        "id": "CVE-2021-1236"
      },
      {
        "date": "2023-02-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Cisco\u00a0 Product vulnerabilities to always improper control flow implementation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002553"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-964"
      }
    ],
    "trust": 0.6
  }
}

wid-sec-w-2023-0339

Vulnerability from csaf_certbund

Published

2021-01-13 23:00

Modified

2023-02-19 23:00

Summary

Snort: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Snort ist ein freies Network Intrusion Prevention System (NIPS) und ein Network Intrusion Detection System (NIDS) der Firma Sourcefire. Router sind Geräte aus dem Bereich Computernetzwerke, Telekommunikation und Internet, die mehrere Rechnernetze miteinander verbinden. Firepower ist eine Firewall-Plattform von Cisco

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Snort und verschiedenen Cisco Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Snort ist ein freies Network Intrusion Prevention System (NIPS) und ein Network Intrusion Detection System (NIDS) der Firma Sourcefire.\r\nRouter sind Ger\u00e4te aus dem Bereich Computernetzwerke, Telekommunikation und Internet, die mehrere Rechnernetze miteinander verbinden.\r\nFirepower ist eine Firewall-Plattform von Cisco",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Snort und verschiedenen Cisco Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- CISCO Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0339 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0339.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0339 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0339"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5354 vom 2023-02-19",
        "url": "https://www.debian.org/security/2023/dsa-5354"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3317 vom 2023-02-11",
        "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2021-01-13",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2021-01-13",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2021-01-13",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes"
      }
    ],
    "source_lang": "en-US",
    "title": "Snort: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2023-02-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:13:47.131+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0339",
      "initial_release_date": "2021-01-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-01-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-02-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-02-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco Firepower Threat Defense",
            "product": {
              "name": "Cisco Firepower Threat Defense",
              "product_id": "T015348",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:firepower:threat_defense"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cisco Router Integrated Services Virtual Router",
                "product": {
                  "name": "Cisco Router Integrated Services Virtual Router",
                  "product_id": "T014916",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:integrated_services_virtual_router"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Cisco Router ISR 1000 Series",
                "product": {
                  "name": "Cisco Router ISR 1000 Series",
                  "product_id": "T016455",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:isr_1000_series"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Cisco Router ISR 3000 Series",
                "product": {
                  "name": "Cisco Router ISR 3000 Series",
                  "product_id": "T016456",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:isr_3000_series"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Cisco Router ISR 4000 Series",
                "product": {
                  "name": "Cisco Router ISR 4000 Series",
                  "product_id": "T016457",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:isr_4000_series"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Cisco Router Cloud Services Router 1000V",
                "product": {
                  "name": "Cisco Router Cloud Services Router 1000V",
                  "product_id": "T018067",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:cisco:router:cloud_services_router_1000v"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Snort",
            "product": {
              "name": "Open Source Snort",
              "product_id": "10334",
              "product_identification_helper": {
                "cpe": "cpe:/a:snort:snort:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-1223",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Snort, wie es in diversen Cisco-Produkten verwendet wird. Die Ursachen sind eine fehlerhafte Behandlung von HTTP-Paketen sowie eine Schwachstelle im Erkennungsalgorithmus. Ein entfernter anonymer Angreifer kann dies ausnutzen, um die konfigurierten Richtlinien zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014916",
          "2951",
          "T015348",
          "T016457",
          "T016456",
          "10334",
          "T016455",
          "T018067"
        ]
      },
      "release_date": "2021-01-13T23:00:00Z",
      "title": "CVE-2021-1223"
    },
    {
      "cve": "CVE-2021-1224",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Snort, wie es in diversen Cisco-Produkten verwendet wird. Die Ursachen sind eine fehlerhafte Behandlung von HTTP-Paketen sowie eine Schwachstelle im Erkennungsalgorithmus. Ein entfernter anonymer Angreifer kann dies ausnutzen, um die konfigurierten Richtlinien zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014916",
          "2951",
          "T015348",
          "T016457",
          "T016456",
          "10334",
          "T016455",
          "T018067"
        ]
      },
      "release_date": "2021-01-13T23:00:00Z",
      "title": "CVE-2021-1224"
    },
    {
      "cve": "CVE-2021-1236",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Snort, wie es in diversen Cisco-Produkten verwendet wird. Die Ursachen sind eine fehlerhafte Behandlung von HTTP-Paketen sowie eine Schwachstelle im Erkennungsalgorithmus. Ein entfernter anonymer Angreifer kann dies ausnutzen, um die konfigurierten Richtlinien zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014916",
          "2951",
          "T015348",
          "T016457",
          "T016456",
          "10334",
          "T016455",
          "T018067"
        ]
      },
      "release_date": "2021-01-13T23:00:00Z",
      "title": "CVE-2021-1236"
    }
  ]
}

ghsa-hj38-j9jq-rjpp

Vulnerability from github

Published

2022-05-24 17:39

Modified

2023-02-11 03:32

Severity

5.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-13T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.",
  "id": "GHSA-hj38-j9jq-rjpp",
  "modified": "2023-02-11T03:32:49Z",
  "published": "2022-05-24T17:39:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1236"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2021-1236

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-1236

Aliases

CVE-2021-1236

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1236",
    "description": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.",
    "id": "GSD-2021-1236",
    "references": [
      "https://www.debian.org/security/2023/dsa-5354"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1236"
      ],
      "details": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.",
      "id": "GSD-2021-1236",
      "modified": "2023-12-13T01:23:22.890561Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2021-01-13T16:00:00",
        "ID": "CVE-2021-1236",
        "STATE": "PUBLIC",
        "TITLE": "Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower Threat Defense Software ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "4.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-670"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20210113 Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
          },
          {
            "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
          },
          {
            "name": "DSA-5354",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2023/dsa-5354"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-snort-app-bypass-cSBYCATq",
        "defect": [
          [
            "CSCvs85467",
            "CSCvu21318"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_management_center:2.9.14.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5.0.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2021-1236"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-670"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210113 Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq"
            },
            {
              "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
            },
            {
              "name": "DSA-5354",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2023/dsa-5354"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-05-22T18:57Z",
      "publishedDate": "2021-01-13T22:15Z"
    }
  }
}

Action not permitted

cve-2021-1236

Vulnerability from cvelistv5

cisco-sa-snort-app-bypass-csbycatq

Vulnerability from csaf_cisco

var-202101-1010

Vulnerability from variot

wid-sec-w-2023-0339

Vulnerability from csaf_certbund

ghsa-hj38-j9jq-rjpp

Vulnerability from github

gsd-2021-1236

Vulnerability from gsd

Tags