| Title | 複数の Cisco 製品における権限管理に関する脆弱性 |
|---|---|
| Summary | 複数の Cisco 製品には、権限管理に関する脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Jan. 13, 2021, midnight |
| Registration Date | Sept. 22, 2021, 5:52 p.m. |
| Last Update | Sept. 22, 2021, 5:52 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| シスコシステムズ |
| Cisco FirePOWER Management Center |
| Cisco Firepower Threat Defense ソフトウェア |
| Cisco IOS XE |
| Snort.org |
| Snort |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2021年09月22日] 掲載 |
Sept. 22, 2021, 5:52 p.m. |
| Summary | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. |
|---|---|
| Publication Date | Jan. 14, 2021, 7:15 a.m. |
| Registration Date | Jan. 26, 2021, 10:40 a.m. |
| Last Update | Nov. 21, 2024, 2:43 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:cisco:firepower_management_center:2.9.14.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cisco:firepower_management_center:2.9.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cisco:firepower_management_center:2.9.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.7.0 | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 17.4.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 5 | cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 7 | cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 8 | cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 9 | cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 10 | cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 11 | cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 12 | cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 13 | cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 14 | cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:* | ||||
| 15 | cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:* | 2.9.17 | ||||