CVE-2021-34749Sensitive Information Exposure in Cisco WEB Security Appliance

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
8.6HIGHNVD
CNA5.8
EPSS
2.2%
top 15.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco WEB Security ApplianceCisco Firepower Management Center Virtual Appliance FirmwareCisco Ironport WEB Security Appliance+1 more
Timeline
PublishedAug 18
Latest updateMay 24

Description

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communica

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

3
GHSA
GHSA-x64m-mg53-f49j: A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and2022-05-24
OSV
CVE-2021-34749: A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and2021-08-18
CVEList
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability2021-08-18

📋Vendor Advisories

1
Cisco
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability2021-08-18
CVE-2021-34749 — Sensitive Information Exposure | cvebase