CVE-2021-34749

CVE Database · CVE-2021-34749

CVE-2021-34749

· MEDIUMModified

CVSS v3.1

5.8

EPSS

1.68%

Published

Aug 18, 2021

Modified

Nov 26, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Weaknesses (CWE)

CWE-200CWE-200

Affected Products (6)

cisco · ironport_web_security_appliancevulnerable

cisco · secure_firewall_management_centervulnerable

cisco · firepower_management_center_virtual_appliance_firmwarevulnerable

References (6)

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

PatchVendor Advisory

https://www.debian.org/security/2023/dsa-5354

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

PatchVendor Advisory

https://www.debian.org/security/2023/dsa-5354

KEV Catalog EPSS Scores Vendors All CVEs