Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.
The vulnerability resides in the Ethernet Frame Decoder of the Snort detection engine.
The vulnerability, tracked as CVE-2021-1285, can be exploited by an unauthenticated, adjacent attacker to trigger a DoS condition by sending it specially crafted Ethernet frames.
“The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device.” reads the advisory published by Cisco. “A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.”
The vulnerability has been rated high severity and received a CVSS score of 7.4.
The CVE-2021-1285 flaw affects all open source Snort project releases earlier than release 2.9.17.
The flaw affects multiple Cisco products running a vulnerable release of Cisco UTD Snort IPS Engine Software for IOS XE or Cisco UTD Engine for IOS XE SD-WAN Software and that are configured to pass Ethernet frames to the Snort detection engine:
The vulnerability does not affect the following Cisco products:
Cisco has no evidence that this vulnerability has been exploited in malicious attacks.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Snort)