CVE-2021-34753

Severity
5.3 MEDIUM
EPSS
0.1%
top 76.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 15

Description

A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass config

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

🔴Vulnerability Details

2
CVEList
Cisco Firepower Threat Defense Ethernet Industrial Protocol Policy Bypass Vulnerabilities (2024-11-15)
GHSA
GHSA-4383-m935-j5wh: A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allo (2024-11-15)

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities (2021-10-27)