cisco firepower-management-center CVE-2021-40114 in Cisco and Snort Products
Published on October 27, 2021

Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability

product logo product logo
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-40114 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.


Products Associated with CVE-2021-40114

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-40114 are published in these products:

Cisco Firepower Management Center
 
Cisco Firepower Threat Defense
 
Cisco Unified Threat Defense
 
Snort
 
Cisco Secure Firewall Management Center
 

Affected Versions

Cisco Firepower Threat Defense Software Version n/a is affected by CVE-2021-40114

Exploit Probability

EPSS
3.42%
Percentile
87.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.