VDB
CVE-2021-34749
CVE-2021-34749
PUBLISHED
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.
EPSS 2.20% · 84.7th percentile
Risk Scores
EPSS Score
2.20%
84.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | snort | 2.9.7.0-5, 0 |
| Ubuntu:18.04:LTS | snort | 0, 2.9.7.0-5build1, 2.9.7.0-5 |
| Ubuntu:20.04:LTS | snort | 2.9.7.0-5build1, 0 |
| Ubuntu:22.04:LTS | snort | 2.9.15.1-6build1, 2.9.15.1-6, 0 |
| Ubuntu:14.04:LTS | snort | 2.9.2.2-3, 2.9.6.0-0ubuntu1, 0 |
Exploit Intelligence
Timeline
- Aug 18, 2021 CVE Published
- Aug 19, 2021 EPSS Score
- Oct 16, 2021 EPSS Score
- Dec 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 7, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-34749 third-party-advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-34749 third-party-advisory