Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
Vulnerability Description
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Cisco Firepower Threat Defense 信息泄露漏洞
Vulnerability Description
Cisco Firepower Threat Defense(FTD)是美国思科(Cisco)公司的一套提供下一代防火墙服务的统一软件。 Cisco 多款产品存在信息泄露漏洞,该漏洞源于 SSL 握手的过滤不足。Cisco Web安全设备(WSA)、Cisco火力威胁防御(FTD)和Snort检测引擎的服务器名称识别(SNI)请求过滤漏洞可能允许未经身份验证的远程攻击者绕过受影响设备上的过滤技术,从受影响的主机窃取数据。
CVSS Information
N/A
Vulnerability Type
N/A