Vulnerability Details : CVE-2021-1223

CVE Name: CVE-2021-1223: Bypass Something vulnerability on Cisco Firepower Management Center, Cisco Firepower Threat Defense, Cisco Ios Xe, Cisco Isr 4221, Cisco Isr 4331, Cisco Csr 1000V, Cisco Isr 4321, Cisco Isr 4351, Cisco Isa 3000, Cisco Isr 1111X 8P, Cisco Isr 1100 8P, Cisco Isr 1100 4P, Cisco Isr 1101 4P, Cisco Isr 1109 4P, Cisco Isr 1109 2P, Cisco Isr 4431, Cisco Isr 4461, Cisco Isr 4451 X, Snort Snort
Description: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.
Publish date: 2021-01-13T22:15Z
Last Update: 2022-08-05T19:26Z

CVSS Scores & Vulnerability Types

CVSS Score
Confidentiality ImpactNONE
Integrity ImpactHIGH
Availability ImpactNONE
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Vulnerability Type(s)Bypass Something

Detail of Verions Affected

# Product Type Vendor Product Version
1 Application Cisco Firepower Management Center
2 Application Cisco Firepower Management Center 2.9.15
3 Application Cisco Firepower Management Center 2.9.16
4 Application Cisco Firepower Threat Defense *
5 Operating System Cisco Ios Xe *
6 Hardware Cisco Isr 4221
7 Hardware Cisco Isr 4331
8 Hardware Cisco Csr 1000V
9 Hardware Cisco Isr 4321
10 Hardware Cisco Isr 4351
11 Hardware Cisco Isa 3000
12 Hardware Cisco Isr 1111X 8P
13 Hardware Cisco Isr 1100 8P
14 Hardware Cisco Isr 1100 4P
15 Hardware Cisco Isr 1101 4P
16 Hardware Cisco Isr 1109 4P
17 Hardware Cisco Isr 1109 2P
18 Hardware Cisco Isr 4431
19 Hardware Cisco Isr 4461
20 Hardware Cisco Isr 4451 X
21 Application Snort Snort *