CVE-2021-1236
published 2021-01-13CVE-2021-1236: Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_firepower_threat_defense_software | — | — |
| cisco | firepower_threat_defense | < 6.5.0.5 | 6.5.0.5 |
| cisco | ios_xe | < 17.4.1 | 17.4.1 |
| cisco | products_snort_application_detection_engine_policy | — | — |
| cisco | secure_firewall_management_center | — | — |
| cisco | secure_firewall_management_center | — | — |
| cisco | secure_firewall_management_center | — | — |
| cisco | secure_firewall_management_center | — | — |
| cisco | secure_firewall_management_center | — | — |
| craftcms | cms | >= 3.4.0 < 3.7.14 | 3.7.14 |
| fortinet | fortimanager | — | — |
| fortinet | fortinet | — | — |
| html-to-csv_project | html-to-csv | 0 – 0.1.3 | — |
| kevinpapst | kimai2 | >= 0 < 1.14.1 | 1.14.1 |
| mantisbt | mantisbt | >= 0 < 2.25.3 | 2.25.3 |
| pimcore | pimcore | >= 0 < 10.1.1 | 10.1.1 |
| shuup | shuup | >= 0.4.2 < 2.11.0 | 2.11.0 |
| snort | snort | < 2.9.14 | 2.9.14 |
| symfony | serializer | >= 4.1.0 < 4.4.35 | 4.4.35 |
| symfony | serializer | >= 5.0.0 < 5.3.12 | 5.3.12 |
| symfony | symfony | >= 4.1.0 < 4.4.35 | 4.4.35 |
| symfony | symfony | >= 5.0.0 < 5.3.12 | 5.3.12 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv5.3MEDIUM