CVE-2021-40114

Published Oct 27, 2021

Last updated 5 months ago

CVSS medium 6.8

Overview

Description: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

ykramarz@cisco.com: CWE-770
nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAE65CB5-08E5-41B6-9AC0-02451C90E833",
            "versionEndExcluding": "6.4.0.12"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D042ED9F-3702-4959-AAA0-D98684EB4556",
            "versionEndExcluding": "6.6.3",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDDF492B-BC61-4814-B05F-3F6CD07080F7",
            "versionEndExcluding": "6.7.0.2",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2986D5BD-1936-41BD-A992-7672C019F27E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42493B4F-0CF2-45F0-B72D-36F0597CC274"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06F2E7D8-BB95-480D-AE3E-F9B97C3A5379"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_firewall_management_center:2.9.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F41C382-C849-465C-AF77-0A787CA03BA7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "174C4020-E642-48F7-BCC5-884834D3EBBB",
            "versionEndExcluding": "16.12.6",
            "versionStartIncluding": "16.12"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4521953-E027-498C-8484-A4E76A737347",
            "versionEndExcluding": "17.3.4a",
            "versionStartIncluding": "17.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3248706E-3F8C-4F74-900E-3302ACF2E716",
            "versionEndExcluding": "17.4.2",
            "versionStartIncluding": "17.4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DEEA69A-4557-409E-A0EC-981F2C7C828A",
            "versionEndExcluding": "2.9.18",
            "versionStartIncluding": "2.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References