中危 多款Cisco产品Snort TCP Fast Open文件策略绕过漏洞(CVE-2021-1224)
CVE编号
CVE-2021-1224利用情况
暂无补丁情况
官方补丁披露时间
2021-01-14漏洞描述
Cisco 3000 Series Industrial Security Appliances是3000系列工业防火墙。Cisco 4000 Series Integrated Services Routers(ISRS)是4000系列企业级多业务路由器。Cisco Cloud Services Router 1000V Series是一款1000v系列云服务路由软件。 多款Cisco产品的Snort检测引擎存在文件策略绕过漏洞。该漏洞源于程序未对HTTP有效负载进行正确检测。未经身份认证的远程攻击者可通过向受影响设备发送带有HTTP有效负载的特制TFO数据包利用该漏洞绕过HTTP数据包的已配置文件策略。 受影响系统: Cisco Firepower Threat Defense Software Cisco 3000 Series Industrial Security Appliances (ISAs) Cisco 1000 Series Integrated Services Routers Cisco Cloud Services Router 1000V Series Cisco 4000 Series Integrated Services Routers Cisco Integrated Services Virtual Routers Cisco Meraki MX64 Cisco Meraki MX64W Cisco Meraki MX67 Cisco Meraki MX67C Cisco Meraki MX67W Cisco Meraki MX68 Cisco Meraki MX68CW Cisco Meraki MX68W Cisco Meraki MX100 Cisco Meraki MX84 Cisco Meraki MX250 Cisco Meraki MX450解决建议
Cisco已经为此发布了一个安全公告(cisco-sa-snort-tfo-bypass-MmzZrtes)以及相应补丁:链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
参考链接 |
|
|---|---|
| https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... | |
| https://www.debian.org/security/2023/dsa-5354 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 2.9.14.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 2.9.15 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 2.9.16 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 2.9.17 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 2.9.18 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_management_center | 3.0.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | cisco | firepower_threat_defense | * | Up to (excluding) 6.7.0 | |||||
| 运行在以下环境 | |||||||||
| 应用 | snort | snort | * | Up to (excluding) 2.9.17 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | snort | * | Up to (excluding) 2.9.20-0+deb10u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | snort | * | Up to (excluding) 2.9.20-0+deb11u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | snort | * | Up to (including) 2.9.15.1-6 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | snort | * | Up to (including) 2.9.7.0-5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | snort | * | Up to (including) 2.9.15.1-6 | |||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-269 | 特权管理不恰当 |
| NVD-CWE-Other |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论