CVE-2021-1494

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 693

Summary

CVE-2021-1494 is a vulnerability that impacts multiple Cisco products, affecting their Snort detection engine. This issue allows unauthenticated, remote attackers to bypass HTTP file policies. The root cause is the incorrect handling of specific HTTP header parameters. An attacker could take advantage of this vulnerability by sending specially crafted HTTP packets to an affected device, potentially delivering malicious payloads and bypassing configured HTTP file policies.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Cisco IOS-XE
Cisco Firepower Threat Defense Software
Cisco 3000 Series Industrial Security Appliances
Cisco Router
Snort

Affected Vendors

Cisco Systems Inc
CliQr Technologies Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners