Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerabilities

2021-04-2816:00:00

tools.cisco.com

0.001 Low

EPSS

Percentile

48.8%

JSON

Multiple Cisco products are affected by vulnerabilities in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.

These vulnerabilities are due to incorrect handling of specific HTTP header parameters. An attacker could exploit these vulnerabilities by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc”]

CPENameOperatorVersion
cisco firepower threat defense softwareeq6.2
cisco firepower threat defense softwareeq6.6
cisco firepower threat defense softwareeq6.4
cisco firepower threat defense softwareeq6.7
cisco firepower 2100 serieseqany
cisco firepower 1000 serieseqany
cisco 3000 series industrial security appliances (isa)eqany
cisco firepower 9000 serieseqany
cisco firepower 4100 serieseqany
cisco secure firewall threat defense virtualeqany

Name	Operator	Version
cisco firepower threat defense software	eq	6.2
cisco firepower threat defense software	eq	6.6
cisco firepower threat defense software	eq	6.4
cisco firepower threat defense software	eq	6.7
cisco firepower 2100 series	eq	any
cisco firepower 1000 series	eq	any
cisco 3000 series industrial security appliances (isa)	eq	any
cisco firepower 9000 series	eq	any
cisco firepower 4100 series	eq	any
cisco secure firewall threat defense virtual	eq	any