Is CVE-2021-1495 actively exploited?

CVE-2021-1495 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-1495?

CVE-2021-1495 has a CVSS score of 5.8 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

How do I patch CVE-2021-1495?

Patch guidance is available from cisco security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-1495.

CVE-2021-1495 - remediation guidance & executive summary

Q: Which products are affected by CVE-2021-1495?

7 products: cisco firepower threat defense, cisco firepower threat defense, cisco firepower threat defense, cisco ios xe, snort snort, and 2 more.

Description

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: none
Weaknesses: CWE-755

Metadata

Primary Vendor: CISCO
Published: 4/29/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

cisco : firepower_threat_defensecisco : firepower_threat_defensecisco : firepower_threat_defensecisco : ios_xesnort : snortcisco : ios_xecisco : ios_xe

Remediation Guidance

Executive Summary

View on NIST NVD