CVE-2021-1285

CWE-770Allocation without Limits7 documents6 sources
Severity
7.4HIGH
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco UTD Snort IPS Engine Software
Timeline
PublishedNov 18

Description

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Multiple Cisco Products SNORT Ethernet Frame Decoder Denial of Service Vulnerability2024-11-18
GHSA
GHSA-278j-256r-v8r4: Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticate2024-11-18

📋Vendor Advisories

3
Oracle
Oracle Oracle Hospitality Applications Risk Matrix: Logging (Apache log4net) — CVE-2018-12852021-04-15
Cisco
Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability2021-03-03
Oracle
Oracle Oracle Food and Beverage Applications Risk Matrix: Simphony Server (Apache log4net) — CVE-2018-12852021-01-15

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-30402021-07-15
CVE-2021-1285 (HIGH CVSS 7.4) | Multiple Cisco products are affecte | cvebase.io