Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
29 Oct 2021, 13:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:3.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezMĀ - Vendor Advisory |
27 Oct 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. |
27 Oct 2021, 19:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-27 19:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-40116
Mitre link : CVE-2021-40116
CVE.ORG link : CVE-2021-40116
JSON object : View
Products Affected
cisco
- firepower_threat_defense
- firepower_management_center
snort
- snort
CWE