CWE
670
Advisory Published
Updated

CVE-2021-1236: Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability

First published: Wed Jan 13 2021(Updated: )

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
debian/snort<=2.9.7.0-5<=2.9.15.1-5
2.9.20-0+deb10u1
2.9.20-0+deb11u1
2.9.15.1-6
Cisco IOS XE<17.4.1
Cisco 1100-4p Integrated Services Router
Cisco 1100-8p Integrated Services Router
Cisco 1101-4p Integrated Services Router
Cisco 1109-2p Integrated Services Router
Cisco 1109-4p Integrated Services Router
Cisco 1111x-8p Integrated Services Router
Cisco 4221 Integrated Services Router
Cisco 4321 Integrated Services Router
Cisco 4331 Integrated Services Router
Cisco 4351 Integrated Services Router
Cisco 4431 Integrated Services Router
Cisco 4451-x Integrated Services Router
Cisco 4461 Integrated Services Router
Cisco Csr 1000v
Cisco Isa 3000
Cisco Firepower Management Center=2.9.14.0
Cisco Firepower Management Center=2.9.14.14
Cisco Firepower Management Center=2.9.15
Cisco Firepower Management Center=2.9.16
Cisco Firepower Management Center=2.9.17
Cisco Firepower Threat Defense<6.5.0.5
Snort Snort<2.9.14
All of
Cisco IOS XE<17.4.1
Any of
Cisco 1100-4p Integrated Services Router
Cisco 1100-8p Integrated Services Router
Cisco 1101-4p Integrated Services Router
Cisco 1109-2p Integrated Services Router
Cisco 1109-4p Integrated Services Router
Cisco 1111x-8p Integrated Services Router
Cisco 4221 Integrated Services Router
Cisco 4321 Integrated Services Router
Cisco 4331 Integrated Services Router
Cisco 4351 Integrated Services Router
Cisco 4431 Integrated Services Router
Cisco 4451-x Integrated Services Router
Cisco 4461 Integrated Services Router
Cisco Csr 1000v
Cisco Isa 3000
Cisco Secure Firewall Management Center=2.9.14.0
Cisco Secure Firewall Management Center=2.9.14.14
Cisco Secure Firewall Management Center=2.9.15
Cisco Secure Firewall Management Center=2.9.16
Cisco Secure Firewall Management Center=2.9.17

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of this security issue?

    The vulnerability ID is CVE-2021-1236.

  • Which products are affected by this vulnerability?

    Multiple Cisco products including Cisco IOS XE and Cisco Firepower Management Center are affected.

  • What is the severity of CVE-2021-1236?

    The severity of CVE-2021-1236 is medium with a CVSS score of 5.3.

  • How can an attacker exploit CVE-2021-1236?

    An attacker can exploit CVE-2021-1236 by bypassing the configured policies on an affected system.

  • How can I fix CVE-2021-1236?

    To fix CVE-2021-1236, update the affected Cisco products with the appropriate security patches.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203