Cisco Firepower Threat Defense Software Vulnerability
CVE-2021-34753
5.8MEDIUM
Key Information
- Vendor
- Cisco
- Status
- Cisco Firepower Threat Defense Software
- Vendor
- CVE Published:
- 15 November 2024
Summary
A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic.
This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet.
Affected Version(s)
Cisco Firepower Threat Defense Software =
References
CVSS V3.1
Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database