CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 57.2%

Software: snort 2.9.16
OS: Cobalt 7.9
CVE-ID: CVE-2021-1223
CVE-Crit: HIGH
CVE-DESC: Several Cisco products are affected by a vulnerability in the Snort discovery engine that could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability is related to incorrect handling of the HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through a vulnerable device. A successful exploit could allow an attacker to bypass the configured file policy for HTTP packets and deliver a malicious payload.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2021-1224
CVE-Crit: MEDIUM
CVE-DESC: Several Cisco products are prone to a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort discovery mechanism, which could allow an unauthenticated remote attacker to bypass the configured file policy for HTTP. The vulnerability occurs due to misidentification of the HTTP payload if it is at least partially contained in the TFO connection handshake. An attacker can exploit this vulnerability by sending crafted TFO packets with the HTTP payload through a vulnerable device. A successful exploit could allow an attacker to bypass the configured file policy for HTTP packets and deliver a malicious payload.
CVE-STATUS: Default
CVE-REV: Default