CVE-2021-40116

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.

CVSS v3 8.6 HIGH
CVSS v2.0 7.1 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:firepower_threat_defense::::::::
	cpe:2.3:a:cisco:secure_firewall_management_center:3.1.0.1:::::::*

Configuration 2 (hide)

cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-27 19:15

Updated : 2024-11-26 16:09

NVD link : CVE-2021-40116

Mitre link : CVE-2021-40116

CVE.ORG link : CVE-2021-40116

JSON object : View

Products Affected

snort

snort

cisco

secure_firewall_management_center
firepower_threat_defense

CWE

CWE-241

Improper Handling of Unexpected Data Type

NVD-CWE-noinfo

{"id": "CVE-2021-40116", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-10-27T19:15:08.717", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-241"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable."}, {"lang": "es", "value": "M\u00faltiples productos de Cisco est\u00e1n afectados por una vulnerabilidad en las reglas de Snort que podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido al manejo inapropiado de las acciones de Bloqueo con Reinicio o Bloqueo Interactivo con Reinicio si una regla est\u00e1 configurada sin las restricciones apropiadas. Un atacante podr\u00eda aprovechar esta vulnerabilidad mediante el env\u00edo de un paquete IP dise\u00f1ado al dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una ca\u00edda del tr\u00e1fico de paso. Nota: S\u00f3lo son vulnerables los productos con Snort3 configurado y con una regla con acciones de bloqueo con reinicio o de bloqueo interactivo con reinicio. Los productos configurados con Snort2 no son vulnerables"}], "lastModified": "2024-11-26T16:09:02.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F461B5-E600-4C81-BA3C-1DBC90D4D438", "versionEndExcluding": "6.4.0.13", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF402F7-DFC5-4A83-A209-9905AE54C49F", "versionEndExcluding": "6.6.5.1", "versionStartIncluding": "6.6.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98DEDDAB-B8C5-4753-A208-94638E694FC1", "versionEndExcluding": "6.7.0.3", "versionStartIncluding": "6.7.0"}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2F537A-A488-45B6-AD4B-48B7064AE84C", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:3.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E394E28-4638-426A-B2A1-5EB15C36D711"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B9024D-9EA8-4EB8-9D7C-413B9CE2F89D", "versionEndExcluding": "3.1.0.100", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}