CVE-2021-34754: Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities
First published: Wed Oct 27 2021(Updated: )
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center | =2.9.12 | |
| Cisco Firepower Management Center | =2.9.14.0 | |
| Cisco Firepower Management Center | =2.9.16 | |
| Cisco Firepower Management Center | =2.9.17 | |
| Cisco Firepower Management Center | =2.9.18 | |
| Cisco Firepower Threat Defense | >=6.4.0<6.4.0.13 | |
| Cisco Firepower Threat Defense | >=6.6.0<6.6.5.1 | |
| Cisco Firepower Threat Defense | >=6.7.0<6.7.0.3 | |
| Cisco Firepower Threat Defense | >=7.0.0<7.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34754?
CVE-2021-34754 is a vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software.
How severe is CVE-2021-34754?
CVE-2021-34754 has a severity rating of 7.5 (High).
Which software versions are affected by CVE-2021-34754?
CVE-2021-34754 affects Cisco Firepower Management Center versions 2.9.12, 2.9.14.0, 2.9.16, and 2.9.17. It also affects Cisco Firepower Threat Defense versions 6.4.0 - 6.4.0.13, 6.6.0 - 6.6.5.1, 6.7.0 - 6.7.0.3, and 7.0.0 - 7.0.1.
What is the vulnerability description of CVE-2021-34754?
CVE-2021-34754 is a vulnerability that allows an unauthenticated, remote attacker to bypass configured rules for ENIP traffic due to incomplete processing.
How can I fix CVE-2021-34754?
To fix CVE-2021-34754, it is recommended to upgrade to a fixed software version as mentioned in the Cisco Security Advisory.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/title
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco firepower management center
- version/cisco firepower management center/2.9.12
- version/cisco firepower management center/2.9.14.0
- version/cisco firepower management center/2.9.16
- version/cisco firepower management center/2.9.17
- version/cisco firepower management center/2.9.18
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.4.0
- version/cisco firepower threat defense/6.6.0
- version/cisco firepower threat defense/6.7.0
- version/cisco firepower threat defense/7.0.0