Security Center Security News v
Multiple Cisco products exposed to DoS attack due to a Snort issue

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Multiple Cisco products exposed to DoS attack due to a Snort issue
Bjyda Offline
zdorondzac
*****
Valued Member
Posts: 1,271
Threads: 303
Thanks Received: 2,115 in 979 posts
Thanks Given: 1,261
Joined: Jan 2018
Reputation: 55
The ClownThe GamerRandomReporterThe Century
#1
03-07-2021 , 11:01 PM
Quote:  Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks.
 
Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the [color=var(--theme-link_a)]Snort detection engine.[/color]
 
The vulnerability resides in the Ethernet Frame Decoder of the Snort detection engine.
 
The vulnerability, tracked as[color=var(--theme-link_a)] CVE-2021-1285, can be exploited by an unauthenticated, adjacent attacker to trigger a DoS condition by sending it specially crafted Ethernet frames.[/color]
“The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device.” reads the [color=var(--theme-link_a)]advisory published by Cisco. “A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.”[/color]
 
The vulnerability has been rated high severity and received a CVSS score of 7.4.
 
The CVE-2021-1285 flaw affects all open source Snort project releases earlier than release 2.9.17.
 
The flaw affects multiple Cisco products running a vulnerable release of Cisco UTD Snort IPS Engine Software for IOS XE or Cisco UTD Engine for IOS XE SD-WAN Software and that are configured to pass Ethernet frames to the Snort detection engine:
  • 1000 Series Integrated Services Routers (ISRs)

  • 4000 Series Integrated Services Routers (ISRs)

  • Catalyst 8000V Edge Software

  • Catalyst 8200 Series Edge Platforms

  • Catalyst 8300 Series Edge Platforms

  • Cloud Services Router 1000V Series

  • Integrated Services Virtual Router (ISRv)
 
The vulnerability does not affect the following Cisco products:
  • 3000 Series Industrial Security Appliances (ISAs)

  • Adaptive Security Appliance (ASA) Software

  • Catalyst 8500 Series Edge Platforms

  • Catalyst 8500L Series Edge Platforms

  • Firepower Management Center (FMC) Software

  • Firepower Threat Defense (FTD) Software1

  • Meraki Security Appliances
 
Cisco has no evidence that this vulnerability has been exploited in malicious attacks. 


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Firefox 98.0.2 fixes a crash on Windows, an add-ons issue, and more Mohammad.Poorya 0 1,583 03-23-2022 , 03:09 PM
Last Post: Mohammad.Poorya
  NSA, CISA issue guidance on Protective DNS services Bjyda 0 928 03-05-2021 , 09:30 PM
Last Post: Bjyda
  VMware addresses Remote Code Execution issue in View Planner Bjyda 0 1,003 03-05-2021 , 12:16 AM
Last Post: Bjyda
  Cisco points to new tier of APT actors that behave more like cybercriminals Bjyda 0 838 02-23-2021 , 11:22 PM
Last Post: Bjyda
  Cisco fixes critical pre-auth flaws allowing router takeover tarekma7 0 1,359 07-17-2020 , 10:19 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)