CVE-2021-40114

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.

Severity	MEDIUM
CVSS	6.8
CWE	CWE-770
KEV
Published	4 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco UTD SNORT IPS Engine Software	cisco-sa-snort-dos-s2R7W9UU
Cisco Secure Firewall Threat Defense Virtual	cisco-sa-snort-dos-s2R7W9UU
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-snort-dos-s2R7W9UU
Cisco Firepower Threat Defense Software	cisco-sa-snort-dos-s2R7W9UU
Cisco Firepower 9000 Series	cisco-sa-snort-dos-s2R7W9UU
Cisco Firepower 4100 Series	cisco-sa-snort-dos-s2R7W9UU
Cisco Firepower 2100 Series	cisco-sa-snort-dos-s2R7W9UU
Cisco Firepower 1000 Series	cisco-sa-snort-dos-s2R7W9UU
Cisco ASA 5500-X Series Firewalls	cisco-sa-snort-dos-s2R7W9UU
Cisco 3000 Series Industrial Security Appliances (ISA)	cisco-sa-snort-dos-s2R7W9UU