Cisco Snort Vulnerability Could Lead to Denial of Service Condition
CVE-2021-1285

7.4 HIGH

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A vulnerability in the Ethernet Frame Decoder of the Cisco Snort Detection Engine could allow an unauthenticated, adjacent attacker to cause a denial of service condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. By sending crafted malicious Ethernet frames to an affected device, an adversary can potentially exhaust disk space on that device. This exhaustion can restrict administrator login access and might impede the device's boot process, necessitating manual recovery. To recover from such an incident, affected users are encouraged to seek assistance from the Cisco Technical Assistance Center (TAC). Cisco has released software updates that address this vulnerability; there are no workarounds.

Affected Version(s)

Cisco UTD SNORT IPS Engine Software 16.12.3

Cisco UTD SNORT IPS Engine Software Fuji-16.9.5

Cisco UTD SNORT IPS Engine Software 16.12.4

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved