Vulnerability Description
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Firepower Threat Defense | < 6.4.0.12 |
| Cisco | Secure Firewall Management Center | 2.9.14.0 |
| Cisco | Unified Threat Defense | >= 16.12, < 16.12.6 |
| Snort | Snort | >= 2.0.0, < 2.9.18 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://www.debian.org/security/2023/dsa-5354
- https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://www.debian.org/security/2023/dsa-5354
FAQ
What is CVE-2021-40114?
CVE-2021-40114 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (...
How severe is CVE-2021-40114?
CVE-2021-40114 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40114?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Threat Defense, Cisco Secure Firewall Management Center, Cisco Unified Threat Defense, Snort Snort.