First published: Wed Jan 13 2021(Updated: )
Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/snort | <=2.9.7.0-5<=2.9.15.1-5<=2.9.15.1-6 | 2.9.20-0+deb10u1 2.9.20-0+deb11u1 |
Cisco Firepower Management Center | =2.9.14.0 | |
Cisco Firepower Management Center | =2.9.15 | |
Cisco Firepower Management Center | =2.9.16 | |
Cisco Firepower Management Center | =2.9.17 | |
Cisco Firepower Management Center | =2.9.18 | |
Cisco Firepower Management Center | =3.0.1 | |
Cisco Firepower Threat Defense | <6.7.0 | |
Cisco IOS XE | <17.4.1 | |
Cisco 1100-4p Integrated Services Router | ||
Cisco 1100-8p Integrated Services Router | ||
Cisco 1101-4p Integrated Services Router | ||
Cisco 1109-2p Integrated Services Router | ||
Cisco 1109-4p Integrated Services Router | ||
Cisco 1111x-8p Integrated Services Router | ||
Cisco 4221 Integrated Services Router | ||
Cisco 4321 Integrated Services Router | ||
Cisco 4331 Integrated Services Router | ||
Cisco 4351 Integrated Services Router | ||
Cisco 4431 Integrated Services Router | ||
Cisco 4451-x Integrated Services Router | ||
Cisco 4461 Integrated Services Router | ||
Cisco Csr 1000v | ||
Cisco Isa 3000 | ||
Snort Snort | <2.9.17 | |
Cisco Meraki Mx64 Firmware | ||
Cisco Meraki Mx64 | ||
Cisco Meraki Mx64w Firmware | ||
Cisco Meraki Mx64w | ||
Cisco Meraki Mx67 Firmware | ||
Cisco Meraki Mx67 | ||
Cisco Meraki Mx67c Firmware | ||
Cisco Meraki Mx67c | ||
Cisco Meraki Mx67w Firmware | ||
Cisco Meraki Mx67w | ||
Cisco Meraki Mx68 Firmware | ||
Cisco Meraki Mx68 | ||
Cisco Meraki Mx68cw Firmware | ||
Cisco Meraki Mx68cw | ||
Cisco Meraki Mx68w Firmware | ||
Cisco Meraki Mx68w | ||
Cisco Meraki Mx100 Firmware | ||
Cisco Meraki Mx100 | ||
Cisco Meraki Mx84 Firmware | ||
Cisco Meraki Mx84 | ||
Cisco Meraki Mx250 Firmware | ||
Cisco Meraki Mx250 | ||
Cisco Meraki Mx450 Firmware | ||
Cisco Meraki Mx450 | ||
Cisco Secure Firewall Management Center | =2.9.14.0 | |
Cisco Secure Firewall Management Center | =2.9.15 | |
Cisco Secure Firewall Management Center | =2.9.16 | |
Cisco Secure Firewall Management Center | =2.9.17 | |
Cisco Secure Firewall Management Center | =2.9.18 | |
Cisco Secure Firewall Management Center | =3.0.1 | |
All of | ||
Cisco IOS XE | <17.4.1 | |
Any of | ||
Cisco 1100-4p Integrated Services Router | ||
Cisco 1100-8p Integrated Services Router | ||
Cisco 1101-4p Integrated Services Router | ||
Cisco 1109-2p Integrated Services Router | ||
Cisco 1109-4p Integrated Services Router | ||
Cisco 1111x-8p Integrated Services Router | ||
Cisco 4221 Integrated Services Router | ||
Cisco 4321 Integrated Services Router | ||
Cisco 4331 Integrated Services Router | ||
Cisco 4351 Integrated Services Router | ||
Cisco 4431 Integrated Services Router | ||
Cisco 4451-x Integrated Services Router | ||
Cisco 4461 Integrated Services Router | ||
Cisco Csr 1000v | ||
Cisco Isa 3000 | ||
All of | ||
Cisco Meraki Mx64 Firmware | ||
Cisco Meraki Mx64 | ||
All of | ||
Cisco Meraki Mx64w Firmware | ||
Cisco Meraki Mx64w | ||
All of | ||
Cisco Meraki Mx67 Firmware | ||
Cisco Meraki Mx67 | ||
All of | ||
Cisco Meraki Mx67c Firmware | ||
Cisco Meraki Mx67c | ||
All of | ||
Cisco Meraki Mx67w Firmware | ||
Cisco Meraki Mx67w | ||
All of | ||
Cisco Meraki Mx68 Firmware | ||
Cisco Meraki Mx68 | ||
All of | ||
Cisco Meraki Mx68cw Firmware | ||
Cisco Meraki Mx68cw | ||
All of | ||
Cisco Meraki Mx68w Firmware | ||
Cisco Meraki Mx68w | ||
All of | ||
Cisco Meraki Mx100 Firmware | ||
Cisco Meraki Mx100 | ||
All of | ||
Cisco Meraki Mx84 Firmware | ||
Cisco Meraki Mx84 | ||
All of | ||
Cisco Meraki Mx250 Firmware | ||
Cisco Meraki Mx250 | ||
All of | ||
Cisco Meraki Mx450 Firmware | ||
Cisco Meraki Mx450 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco vulnerability is CVE-2021-1224.
The severity of CVE-2021-1224 is medium with a severity value of 5.3.
Cisco products affected by CVE-2021-1224 include Firepower Management Center, Firepower Threat Defense, and IOS XE.
An attacker can exploit CVE-2021-1224 by bypassing a configured file policy for HTTP when using TCP Fast Open (TFO) in conjunction with the Snort detection engine.
To fix CVE-2021-1224, update to the recommended versions of the affected Cisco products and Snort.