CVE-2021-40116: Multiple Cisco Products Snort Rule Denial of Service Vulnerability
First published: Wed Oct 27 2021(Updated: )
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Management Center | =3.1.0.1 | |
| Cisco Firepower Threat Defense | >=6.4.0<6.4.0.13 | |
| Cisco Firepower Threat Defense | >=6.6.0<6.6.5.1 | |
| Cisco Firepower Threat Defense | >=6.7.0<6.7.0.3 | |
| Cisco Firepower Threat Defense | >=7.0.0<7.0.1 | |
| Snort Snort | >=3.0.0.0<3.1.0.100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40116?
CVE-2021-40116 is a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Which Cisco products are affected by CVE-2021-40116?
Cisco Firepower Management Center version 3.1.0.1, Cisco Firepower Threat Defense versions 6.4.0 to 6.4.0.13, 6.6.0 to 6.6.5.1, 6.7.0 to 6.7.0.3, and 7.0.0 to 7.0.1 are affected by CVE-2021-40116.
What is the severity of CVE-2021-40116?
CVE-2021-40116 has a severity score of 7.5 (high).
How can an attacker exploit CVE-2021-40116?
An attacker can exploit CVE-2021-40116 by sending specially crafted network traffic to the affected device.
Where can I find more information about CVE-2021-40116?
More information about CVE-2021-40116 can be found at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM)
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/weakness
- agent/tags
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco firepower management center
- version/cisco firepower management center/3.1.0.1
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.4.0
- version/cisco firepower threat defense/6.6.0
- version/cisco firepower threat defense/6.7.0
- version/cisco firepower threat defense/7.0.0
- vendor/snort
- canonical/snort snort
- version/snort snort/3.0.0.0