| Title | 複数の Cisco 製品における例外的な状態の処理に関する脆弱性 |
|---|---|
| Summary | 複数の Cisco 製品には、例外的な状態の処理に関する脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | April 28, 2021, midnight |
| Registration Date | Jan. 4, 2022, 12:02 p.m. |
| Last Update | Jan. 4, 2022, 12:02 p.m. |
| CVSS3.0 : 警告 | |
| Score | 5.3 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| シスコシステムズ |
| Cisco Firepower Threat Defense ソフトウェア |
| Cisco IOS XE |
| Snort.org |
| Snort |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2022年01月04日] 掲載 |
Jan. 4, 2022, 12:02 p.m. |
| Summary | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. |
|---|---|
| Publication Date | April 30, 2021, 3:15 a.m. |
| Registration Date | April 30, 2021, 10:04 a.m. |
| Last Update | Nov. 21, 2024, 2:44 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.5.0 | 6.6.4 | |||
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.7.0 | 6.7.0.2 | |||
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.4.0.12 | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*:* | 16.12 | 16.12.5 | |||
| cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:* | 2.9.17.1 | ||||
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 17.1 | 17.3.3 | |||
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 17.4 | 17.4.1 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 5 | cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 7 | cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 8 | cpe:2.3:h:cisco:3000_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 9 | cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 10 | cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 11 | cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 12 | cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* | ||||
| 13 | cpe:2.3:h:cisco:c8200-1n-4t:-:*:*:*:*:*:*:* | ||||
| 14 | cpe:2.3:h:cisco:c8200l-1n-4t:-:*:*:*:*:*:*:* | ||||
| 15 | cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:* | ||||
| 16 | cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:* | ||||
| 17 | cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:* | ||||
| 18 | cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:* | ||||
| 19 | cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:* | ||||