CVE-2021-34754

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description The issue is related to the implementation of the Ethernet Industrial Protocol (ENIP) in the Cisco Firepower Threat Defense (FTD) Software, which is associated with access control weaknesses. An unauthenticated, remote attacker could exploit this by sending specially crafted ENIP packets to bypass configured security rules. The vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets, allowing an attacker to bypass configured access control and intrusion policies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.