The vulnerability found in the Ethernet Frame Decoder component of Snort. It will impacts all versions of the popular open source intrusion prevention and intrusion detection system (IPS/IDS) prior to 2.9.17, said Cisco. (3-3-2021)

Preface: Snort is an open-source, free and lightweight network intrusion detection.The Snort Subscriber Ruleset is developed, tested, and approved by Cisco Talos.

Background: Sourcefire, Inc was a technology company that developed network security hardware and software. The company’s Firepower network security appliances were based on Snort. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger —
which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system.

Vulnerability details: CVE-2021-1285 can be exploited by an unauthenticated, adjacent attacker. The attacker is on the same layer 2 domain as the victim — to cause a device to enter a DoS condition by sending it specially crafted Ethernet frames. A successful exploit could allow the attacker to exhaust disk space on the affected device. Whereby it create denial of service attack.

Official Announcement

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.