CVE-2021-1236

MEDIUM

Cisco IOS XE < 17.4.1 - Unauthenticated Policy Bypass via Snort Detection Algorithm Flaw

Title source: llm

Description

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5354

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html

Scores

CVSS v3 5.3

EPSS 0.0215

EPSS Percentile 79.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (8)

cisco/firepower_threat_defense < 6.5.0.5

cisco/ios_xe < 17.4.1

cisco/secure_firewall_management_center 2.9.14.0

cisco/secure_firewall_management_center 2.9.14.14

cisco/secure_firewall_management_center 2.9.15

cisco/secure_firewall_management_center 2.9.16

cisco/secure_firewall_management_center 2.9.17

snort/snort < 2.9.14

Published Jan 13, 2021

Tracked Since Feb 18, 2026