CVE-2021-1495

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) versions (affected versions not specified) Cisco Catalyst versions (affected versions not specified) Cisco ISR versions (affected versions not specified) Cisco ISA versions (affected versions not specified) Cisco ISRv versions (affected versions not specified)

Description The issue is related to a vulnerability in the Snort detection engine of multiple Cisco products. This vulnerability could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP due to incorrect handling of specific HTTP header parameters, such as HTTP header parameters. An attacker could exploit this by sending crafted HTTP packets through an affected device, potentially allowing them to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Recommendations For Cisco Firepower Threat Defense (FTD), update the Snort detection engine to a version that includes the fix for this issue. For Cisco Catalyst, apply the recommended security configuration changes to mitigate the risk of exploitation. For Cisco ISR, restrict access to the affected HTTP endpoints until a patch is available. For Cisco ISA, consider disabling the Snort detection engine temporarily as a workaround until a fix is applied. For Cisco ISRv, avoid using vulnerable HTTP header parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.