TCP Packet Manipulation in Suricata Firewall by Open Information Security Foundation
CVE-2021-45098

7.5HIGH

Key Information:

Vendor

Oisf

Status
Suricata
Vendor
CVE Published:
16 December 2021

What is CVE-2021-45098?

A vulnerability has been discovered in Suricata, a high-performance network IDS, IPS, and NSM engine, which affects versions prior to 6.0.4. This issue allows attackers to bypass HTTP-based signatures by exploiting the TCP protocol through manipulation of RST packets. Specifically, an attacker can forge an RST TCP packet with random TCP options from the client side following the three-way handshake, and subsequently send an HTTP GET request to a forbidden URL. As a result, the vulnerable server does not recognize the injected RST ACK, leading to the unauthorized processing of requests that would otherwise be blocked, compromising the integrity of the security measures in place.

References

https://github.com/OISF/suricata/releases
x_refsource_MISC
https://redmine.openinfosecfoundation.org/issues/4710
x_refsource_MISC
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-rele...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-45098 : TCP Packet Manipulation in Suricata Firewall by Open Information Security Foundation