CVE-2021-1224

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.
Severity
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
ciscofirepower_threat_defense
𝑥
< 6.7.0
ciscosecure_firewall_management_center
2.9.14.0
ciscosecure_firewall_management_center
2.9.15
ciscosecure_firewall_management_center
2.9.16
ciscosecure_firewall_management_center
2.9.17
ciscosecure_firewall_management_center
2.9.18
ciscosecure_firewall_management_center
3.0.1
ciscoios_xe
𝑥
< 17.4.1
snortsnort
𝑥
< 2.9.17
ciscomeraki_mx64_firmware
-
ciscomeraki_mx64w_firmware
-
ciscomeraki_mx67_firmware
-
ciscomeraki_mx67c_firmware
-
ciscomeraki_mx67w_firmware
-
ciscomeraki_mx68_firmware
-
ciscomeraki_mx68cw_firmware
-
ciscomeraki_mx68w_firmware
-
ciscomeraki_mx100_firmware
-
ciscomeraki_mx84_firmware
-
ciscomeraki_mx250_firmware
-
ciscomeraki_mx450_firmware
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
snort
noble
not-affected
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
focal
needed
bionic
needed
xenial
needed
trusty
needed