Details of VAR-202101-0782

ID

VAR-202101-0782

CVE

CVE-2021-1224

TITLE

plural Cisco Product permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-002550

DESCRIPTION

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. plural Cisco The product contains a privilege management vulnerability.Information may be tampered with. Cisco 3000 Series Industrial Security Appliances, etc. are all products of Cisco (Cisco). Cisco 3000 Series Industrial Security Appliances are 3000 Series Industrial Security Appliances. Cisco 4000 Series Integrated Services Routers (ISRS) are 4000 Series enterprise-class multiservice routers. Cisco Cloud Services Router 1000V Series is a 1000v series cloud service routing software. A security vulnerability exists in several Cisco products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5354-1 security@debian.org https://www.debian.org/security/ Markus Koschany February 18, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : snort CVE ID : CVE-2020-3299 CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1236 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114 Debian Bug : 1021276 Multiple security vulnerabilities were discovered in snort, a flexible Network Intrusion Detection System, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or bypass filtering technology on an affected device and ex-filtrate data from a compromised host. For the stable distribution (bullseye), these problems have been fixed in version 2.9.20-0+deb11u1. We recommend that you upgrade your snort packages. For the detailed security status of snort please refer to its security tracker page at: https://security-tracker.debian.org/tracker/snort Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmPw/Y5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQRrA/9EQ9kF1LT2fYUGFMyKeCQQFTB8tfIsyz2VUrGUtWlVDKsDVqfEMWa6Zwx rAaFnAPOBi1KNX1laencuphuiDIxLmvA0ShpHKo/R3vY4WXmNwJMjPWNr82oTw8j CEggyfj9i5V1EwZZi0B3L4WP1pCQcJRN6XVB3FJWZScyQFtRH0xO7l9acIV68lTs 9hGDDe2wn5ufHh0sXskZitgYoXfdHjjl3CzFxrmGGDq9KFr8rDIEUnZrm58DCRNL RkDmvxrEEsXGmzQlhT/2ea88aIXgNM4xnDztr3iV1v8JOMb6BwehrH43NgdDb5V8 6xBcHuXOLNI75mca1TQxwUd8PSNo3YK60IbDC2ztcUIIvl1xk8bDFyABb3gKvGoR izKFYej4hNeZb+0HWHsnO9vvP4t6LkKF/iIGNNVNmA9ZJA94ESCfItSozIITqRE2 sJQ43X9uQhX2p/dfeyNoOJDhie0RyZyg0rPxIDNonP1YJ8kTjMMHnRNqGn9MkVYK bNr1/sdLhH0TXvs5XoL9b9YjUPL67hDHL9bHLByOKNSxXrth+TcqFX+eg7Bztn1A vS4Sc2TWCuBa3jdrS9WJiy58aB1sTABRhN+tY4wVs+A9vIr1dKHn4wsB8axmpYDW cyzVbz9Q+fC+gXwDusZccBqfD7rByEFWXflBFI4PDXRrW+NPy8w\xdb5k -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2021-1224 // JVNDB: JVNDB-2021-002550 // VULHUB: VHN-374278 // VULMON: CVE-2021-1224 // PACKETSTORM: 171060

AFFECTED PRODUCTS

vendor:	cisco	model:	meraki mx64w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx67c	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx67w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx84	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.18	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.15	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.17	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lt	version:	17.4.1	Trust: 1.0
vendor:	snort	model:	snort	scope:	lt	version:	2.9.17	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.14.0	Trust: 1.0
vendor:	cisco	model:	meraki mx68	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	firepower management center	scope:	eq	version:	2.9.16	Trust: 1.0
vendor:	cisco	model:	meraki mx64	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx68w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx100	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx450	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx68cw	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx67	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	meraki mx250	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco-meraki mx68cw	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx67w	scope:	-	version:	-	Trust: 0.8
vendor:	snort	model:	snort	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx67	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower threat defense ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx68	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx64	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx64w	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco-meraki mx67c	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002550 // NVD: CVE-2021-1224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1224
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1224
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1224
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-965
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374278
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1224
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1224
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374278
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1224
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1224
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1224
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374278 // VULMON: CVE-2021-1224 // JVNDB: JVNDB-2021-002550 // CNNVD: CNNVD-202101-965 // NVD: CVE-2021-1224 // NVD: CVE-2021-1224

PROBLEMTYPE DATA

problemtype:	CWE-693	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002550 // NVD: CVE-2021-1224

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 171060 // CNNVD: CNNVD-202101-965

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-965

PATCH

title:	Top Page Cisco Systems Cisco Security Advisory	url:	https://www.snort.org/	Trust: 0.8
title:	Cisco Various product security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=139223	Trust: 0.6
title:	Cisco: Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-snort-tfo-bypass-MmzZrtes	Trust: 0.1
title:	Debian CVElist Bug Report Logs: snort: CVE-2020-3315 CVE-2021-1223 CVE-2021-1224 CVE-2021-1494 CVE-2021-1495 CVE-2021-34749 CVE-2021-40114	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1773b4dd82d4d83f1431e21300c33475	Trust: 0.1
title:	Debian Security Advisories: DSA-5354-1 snort -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6ecec49445da07dca8fb53a5a107855c	Trust: 0.1
title:	threat-generator	url:	https://github.com/kernelr0p/threat-generator	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-1224	Trust: 0.1

sources: VULMON: CVE-2021-1224 // JVNDB: JVNDB-2021-002550 // CNNVD: CNNVD-202101-965

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1224	Trust: 2.7
db:	JVNDB	id:	JVNDB-2021-002550	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0138	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1047	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0833	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-965	Trust: 0.6
db:	PACKETSTORM	id:	171060	Trust: 0.2
db:	VULHUB	id:	VHN-374278	Trust: 0.1
db:	VULMON	id:	CVE-2021-1224	Trust: 0.1

sources: VULHUB: VHN-374278 // VULMON: CVE-2021-1224 // JVNDB: JVNDB-2021-002550 // PACKETSTORM: 171060 // CNNVD: CNNVD-202101-965 // NVD: CVE-2021-1224

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snort-tfo-bypass-mmzzrtes	Trust: 2.5
url:	https://www.debian.org/security/2023/dsa-5354	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1224	Trust: 1.5
url:	https://vigilance.fr/vulnerability/cisco-meraki-mx-privilege-escalation-via-snort-tfo-policy-bypass-34314	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0833	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1047	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0138/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/kernelr0p/threat-generator	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34749	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1495	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40114	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3299	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1223	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3315	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/snort	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1236	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1494	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

sources: VULHUB: VHN-374278 // VULMON: CVE-2021-1224 // JVNDB: JVNDB-2021-002550 // PACKETSTORM: 171060 // CNNVD: CNNVD-202101-965 // NVD: CVE-2021-1224

CREDITS

Debian

Trust: 0.1

sources: PACKETSTORM: 171060

SOURCES

db:	VULHUB	id:	VHN-374278
db:	VULMON	id:	CVE-2021-1224
db:	JVNDB	id:	JVNDB-2021-002550
db:	PACKETSTORM	id:	171060
db:	CNNVD	id:	CNNVD-202101-965
db:	NVD	id:	CVE-2021-1224

LAST UPDATE DATE

2024-08-14T13:16:12.704000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374278	date:	2023-02-19T00:00:00
db:	VULMON	id:	CVE-2021-1224	date:	2023-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-002550	date:	2021-09-22T08:52:00
db:	CNNVD	id:	CNNVD-202101-965	date:	2023-02-21T00:00:00
db:	NVD	id:	CVE-2021-1224	date:	2023-11-07T03:27:44.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374278	date:	2021-01-13T00:00:00
db:	VULMON	id:	CVE-2021-1224	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002550	date:	2021-09-22T00:00:00
db:	PACKETSTORM	id:	171060	date:	2023-02-20T16:53:59
db:	CNNVD	id:	CNNVD-202101-965	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-1224	date:	2021-01-13T22:15:20.410