CVE-2021-1494

MEDIUM

Cisco Firepower Threat Defense Software - Unauthenticated File Policy Bypass via HTTP Header Handling

Title source: llm

Description

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Scores

CVSS v3 5.8
EPSS 0.0023
EPSS Percentile 45.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-693
Status published
Products (30)
Cisco/Cisco Firepower Threat Defense Software
Cisco/Cisco UTD SNORT IPS Engine Software 16.12.1a
Cisco/Cisco UTD SNORT IPS Engine Software 16.12.2
Cisco/Cisco UTD SNORT IPS Engine Software 16.12.3
Cisco/Cisco UTD SNORT IPS Engine Software 16.12.4
Cisco/Cisco UTD SNORT IPS Engine Software 16.6.1
Cisco/Cisco UTD SNORT IPS Engine Software 16.6.5
Cisco/Cisco UTD SNORT IPS Engine Software 16.6.6
Cisco/Cisco UTD SNORT IPS Engine Software 16.6.7a
Cisco/Cisco UTD SNORT IPS Engine Software 16.6.9
... and 20 more
Published Nov 15, 2024
Tracked Since Feb 18, 2026