VDB
CVE-2021-34754
CVE-2021-34754
PUBLISHED
CVSS 5.800000190734863 MEDIUM
Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet.
EPSS 0.12% · 30.3th percentile
Risk Scores
CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.12%
30.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software | n/a |
| cisco | firepower_threat_defense | 6.4.0, 6.6.0, 6.7.0 |
| cisco | secure_firewall_management_center | 2.9.12, 2.9.16, 2.9.17 |
Exploit Intelligence
Timeline
- Oct 27, 2021 CVE Published
- Oct 28, 2021 EPSS Score
- Dec 23, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 14, 2022 EPSS Score
- Jun 9, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 20, 2023 EPSS Score