What is the vulnerability ID for this Cisco vulnerability?

The vulnerability ID for this Cisco vulnerability is CVE-2021-1224.

What is the severity of CVE-2021-1224?

The severity of CVE-2021-1224 is medium with a severity value of 5.3.

Which Cisco products are affected by CVE-2021-1224?

Cisco products affected by CVE-2021-1224 include Firepower Management Center, Firepower Threat Defense, and IOS XE.

How can an attacker exploit CVE-2021-1224?

An attacker can exploit CVE-2021-1224 by bypassing a configured file policy for HTTP when using TCP Fast Open (TFO) in conjunction with the Snort detection engine.

How do I fix CVE-2021-1224?

To fix CVE-2021-1224, update to the recommended versions of the affected Cisco products and Snort.

Vulnerability/
CVE-2021-1224

medium

5.8

CWE

693

13/1/2021

26/11/2024

CVE-2021-1224: Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability

First published: Wed Jan 13 2021(Updated: )

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
debian/snort	<=2.9.7.0-5<=2.9.15.1-5<=2.9.15.1-6	2.9.20-0+deb10u1 2.9.20-0+deb11u1
Cisco Secure Firewall Threat Defense	<6.7.0
Cisco Secure Firewall Management Center	=2.9.14.0
Cisco Secure Firewall Management Center	=2.9.15
Cisco Secure Firewall Management Center	=2.9.16
Cisco Secure Firewall Management Center	=2.9.17
Cisco Secure Firewall Management Center	=2.9.18
Cisco Secure Firewall Management Center	=3.0.1
All of
Cisco IOS XE	<17.4.1
Any of
Cisco 1109-4p Integrated Services Router
Cisco 1100 Integrated Services Router
Cisco 1101 Integrated Services Router
Cisco 1109 Integrated Services Router
Cisco 1109-4p
Cisco 1111x-8p
Cisco 4221 Integrated Services Router
Cisco 4321/k9-ws Integrated Services Router
Cisco 4331/k9 Integrated Services Router
Cisco 4351/k9-rf Integrated Services Router
Cisco 4431 Integrated Services Router
Cisco 4451-X Integrated Services Router
Cisco 4441 Integrated Services Router
Cisco Cloud Services Router 1000V
Cisco IE 3000
Snort	<2.9.17
All of
Cisco Meraki MX64W Firmware
Cisco Meraki MX64 Firmware
All of
Cisco Meraki MX64W Firmware
Cisco Meraki MX64W Firmware
All of
Cisco Meraki MX67W Firmware
Cisco Meraki MX67 Firmware
All of
Cisco Meraki MX67C Firmware
Cisco Meraki MX67C Firmware
All of
Cisco Meraki MX67W Firmware
Cisco Meraki MX67W Firmware
All of
Cisco Meraki MX68
Cisco Meraki MX68 Firmware
All of
Cisco Meraki MX68
Cisco Meraki MX68CW Firmware
All of
Cisco Meraki MX68W Firmware
Cisco Meraki MX68W Firmware
All of
Cisco Meraki MX100
Cisco Meraki MX100
All of
Cisco Meraki MX84 Firmware
Cisco Meraki MX84 Firmware
All of
Cisco Meraki MX250 Firmware
Cisco Meraki MX250 Firmware
All of
Cisco Meraki MX450 Firmware
Cisco Meraki MX450 Firmware
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=2.9.14.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=2.9.15
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=2.9.16
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=2.9.17
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=2.9.18
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=3.0.1
Cisco IOS XE	<17.4.1
Cisco 1109-4p Integrated Services Router
Cisco 1100 Integrated Services Router
Cisco 1101 Integrated Services Router
Cisco 1109 Integrated Services Router
Cisco 1109-4p
Cisco 1111x-8p
Cisco 4221 Integrated Services Router
Cisco 4321/k9-ws Integrated Services Router
Cisco 4331/k9 Integrated Services Router
Cisco 4351/k9-rf Integrated Services Router
Cisco 4431 Integrated Services Router
Cisco 4451-X Integrated Services Router
Cisco 4441 Integrated Services Router
Cisco Cloud Services Router 1000V
Cisco IE 3000
Cisco Meraki MX64W Firmware
Cisco Meraki MX64 Firmware
Cisco Meraki MX64W Firmware
Cisco Meraki MX64W Firmware
Cisco Meraki MX67W Firmware
Cisco Meraki MX67 Firmware
Cisco Meraki MX67C Firmware
Cisco Meraki MX67C Firmware
Cisco Meraki MX67W Firmware
Cisco Meraki MX67W Firmware
Cisco Meraki MX68
Cisco Meraki MX68 Firmware
Cisco Meraki MX68
Cisco Meraki MX68CW Firmware
Cisco Meraki MX68W Firmware
Cisco Meraki MX68W Firmware
Cisco Meraki MX100
Cisco Meraki MX100
Cisco Meraki MX84 Firmware
Cisco Meraki MX84 Firmware
Cisco Meraki MX250 Firmware
Cisco Meraki MX250 Firmware
Cisco Meraki MX450 Firmware
Cisco Meraki MX450 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this Cisco vulnerability?
The vulnerability ID for this Cisco vulnerability is CVE-2021-1224.
What is the severity of CVE-2021-1224?
The severity of CVE-2021-1224 is medium with a severity value of 5.3.
Which Cisco products are affected by CVE-2021-1224?
Cisco products affected by CVE-2021-1224 include Firepower Management Center, Firepower Threat Defense, and IOS XE.
How can an attacker exploit CVE-2021-1224?
An attacker can exploit CVE-2021-1224 by bypassing a configured file policy for HTTP when using TCP Fast Open (TFO) in conjunction with the Snort detection engine.
How do I fix CVE-2021-1224?
To fix CVE-2021-1224, update to the recommended versions of the affected Cisco products and Snort.

collector/security-tracker-debian
agent/type
agent/weakness
agent/references
agent/description
agent/title
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/event
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
package-manager/debian
vendor/cisco
canonical/cisco secure firewall threat defense
canonical/cisco secure firewall management center
version/cisco secure firewall management center/2.9.14.0
version/cisco secure firewall management center/2.9.15
version/cisco secure firewall management center/2.9.16
version/cisco secure firewall management center/2.9.17
version/cisco secure firewall management center/2.9.18
version/cisco secure firewall management center/3.0.1
canonical/cisco ios xe
canonical/cisco 1109-4p integrated services router
canonical/cisco 1100 integrated services router
canonical/cisco 1101 integrated services router
canonical/cisco 1109 integrated services router
canonical/cisco 1109-4p
canonical/cisco 1111x-8p
canonical/cisco 4221 integrated services router
canonical/cisco 4321/k9-ws integrated services router
canonical/cisco 4331/k9 integrated services router
canonical/cisco 4351/k9-rf integrated services router
canonical/cisco 4431 integrated services router
canonical/cisco 4451-x integrated services router
canonical/cisco 4441 integrated services router
canonical/cisco cloud services router 1000v
canonical/cisco ie 3000
vendor/snort
canonical/snort
canonical/cisco meraki mx64w firmware
canonical/cisco meraki mx64 firmware
canonical/cisco meraki mx67w firmware
canonical/cisco meraki mx67 firmware
canonical/cisco meraki mx67c firmware
canonical/cisco meraki mx68
canonical/cisco meraki mx68 firmware
canonical/cisco meraki mx68cw firmware
canonical/cisco meraki mx68w firmware
canonical/cisco meraki mx100
canonical/cisco meraki mx84 firmware
canonical/cisco meraki mx250 firmware
canonical/cisco meraki mx450 firmware
canonical/cisco firepower management center (fmc) and firepower threat defense (ftd) software
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/2.9.14.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/2.9.15
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/2.9.16
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/2.9.17
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/2.9.18
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/3.0.1