Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1224

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.

Published

2021-01-13T22:15:20.410

Last Modified

2024-11-26T16:09:02.407

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-693
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	firepower_threat_defense	< 6.7.0	Yes
Application	cisco	secure_firewall_management_center	2.9.14.0	Yes
Application	cisco	secure_firewall_management_center	2.9.15	Yes
Application	cisco	secure_firewall_management_center	2.9.16	Yes
Application	cisco	secure_firewall_management_center	2.9.17	Yes
Application	cisco	secure_firewall_management_center	2.9.18	Yes
Application	cisco	secure_firewall_management_center	3.0.1	Yes
Operating System	cisco	ios_xe	< 17.4.1	Yes
Hardware	cisco	1100-4p_integrated_services_router	-	No
Hardware	cisco	1100-8p_integrated_services_router	-	No
Hardware	cisco	1101-4p_integrated_services_router	-	No
Hardware	cisco	1109-2p_integrated_services_router	-	No
Hardware	cisco	1109-4p_integrated_services_router	-	No
Hardware	cisco	1111x-8p_integrated_services_router	-	No
Hardware	cisco	4221_integrated_services_router	-	No
Hardware	cisco	4321_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4351_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4451-x_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Hardware	cisco	csr_1000v	-	No
Hardware	cisco	isa_3000	-	No
Application	snort	snort	< 2.9.17	Yes
Operating System	cisco	meraki_mx64_firmware	-	Yes
Hardware	cisco	meraki_mx64	-	No
Operating System	cisco	meraki_mx64w_firmware	-	Yes
Hardware	cisco	meraki_mx64w	-	No
Operating System	cisco	meraki_mx67_firmware	-	Yes
Hardware	cisco	meraki_mx67	-	No
Operating System	cisco	meraki_mx67c_firmware	-	Yes
Hardware	cisco	meraki_mx67c	-	No
Operating System	cisco	meraki_mx67w_firmware	-	Yes
Hardware	cisco	meraki_mx67w	-	No
Operating System	cisco	meraki_mx68_firmware	-	Yes
Hardware	cisco	meraki_mx68	-	No
Operating System	cisco	meraki_mx68cw_firmware	-	Yes
Hardware	cisco	meraki_mx68cw	-	No
Operating System	cisco	meraki_mx68w_firmware	-	Yes
Hardware	cisco	meraki_mx68w	-	No
Operating System	cisco	meraki_mx100_firmware	-	Yes
Hardware	cisco	meraki_mx100	-	No
Operating System	cisco	meraki_mx84_firmware	-	Yes
Hardware	cisco	meraki_mx84	-	No
Operating System	cisco	meraki_mx250_firmware	-	Yes
Hardware	cisco	meraki_mx250	-	No
Operating System	cisco	meraki_mx450_firmware	-	Yes
Hardware	cisco	meraki_mx450	-	No

References

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes Vendor Advisory ([email protected])
https://www.debian.org/security/2023/dsa-5354 ([email protected])
https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5354 (af854a3a-2127-422b-91ae-364da2661108)