CVE-2021-40114: Allocation of Resources Without Limits or Throttling in Cisco Firepower Threat Defense

Severity
NVD: 7.5 HIGH
CNA: 6.8
EPSS: 3.4% (top 12.54%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 27
Latest update: May 24

Description

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

NVD | snort/snort | 2.0.0 | 2.9.18
Alpine | snort/snort | < 2.9.18-r0 | +8
NVD | cisco/unified_threat_defense | 16.12 | 16.12.6 | +2
NVD | cisco/firepower_threat_defense | 6.5.0 | 6.6.3 | +2

Vulnerability Details (3)

GHSA: GHSA-5v43-2p8q-45m6: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticat (2022-05-24)
CVEList: Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability (2021-10-27)
OSV: CVE-2021-40114: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticat (2021-10-27)

Vendor Advisories (1)

Cisco: Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability (2021-10-27)
CVE-2021-40114 — Cisco vulnerability | cvebase