CVE-2021-1223

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Cisco products (affected versions not specified)

Description: The issue is related to a vulnerability in the Snort detection engine, which could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. This is due to incorrect handling of an HTTP range header. An attacker could exploit this by sending crafted HTTP packets through an affected device, potentially allowing them to bypass the configured file policy for HTTP packets and deliver a malicious payload.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

ALT-PU-2021-1678

ALT-PU-2024-16610

BDU:2021-00473

CVE-2021-1223

DLA-3317-1

DSA-5354-1

MGASA-2023-0117

Affected Products

Alt Linux

Snort

CVE-2021-1223

Weakness Enumeration

Related Identifiers

Affected Products

References · 19