Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
22 May 2023, 18:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* |
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:* |
First Time |
Cisco 4321 Integrated Services Router
Cisco 1100-4p Integrated Services Router Cisco 4331 Integrated Services Router Cisco 4221 Integrated Services Router Cisco 4431 Integrated Services Router Cisco 1109-2p Integrated Services Router Cisco 4351 Integrated Services Router Cisco 1101-4p Integrated Services Router Cisco 4461 Integrated Services Router Cisco 1100-8p Integrated Services Router Cisco 4451-x Integrated Services Router Cisco 1111x-8p Integrated Services Router Cisco 1109-4p Integrated Services Router |
19 Feb 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2021, 18:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:* cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:2.9.14.14:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_management_center:2.9.17:*:*:*:*:*:*:* cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* |
|
CWE | CWE-670 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq - Vendor Advisory |
13 Jan 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-13 22:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1236
Mitre link : CVE-2021-1236
CVE.ORG link : CVE-2021-1236
JSON object : View
Products Affected
cisco
- isa_3000
- 4331_integrated_services_router
- 4351_integrated_services_router
- 4461_integrated_services_router
- 4321_integrated_services_router
- 1111x-8p_integrated_services_router
- 4451-x_integrated_services_router
- 1101-4p_integrated_services_router
- csr_1000v
- firepower_threat_defense
- 4221_integrated_services_router
- ios_xe
- 1100-4p_integrated_services_router
- 1109-4p_integrated_services_router
- 1100-8p_integrated_services_router
- firepower_management_center
- 1109-2p_integrated_services_router
- 4431_integrated_services_router
snort
- snort
CWE
CWE-670
Always-Incorrect Control Flow Implementation