Cisco Security Advisory - Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

[Netwörkheäd]

Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

A vulnerability in the web filtering features of multiple Cisco products could allow an unauthenticated, remote attacker to bypass web reputation filters and threat detection mechanisms on an affected device and exfiltrate data from a compromised host to a blocked external server.

This vulnerability is due to inadequate inspection of the Server Name Identification (SNI) header in the SSL/TLS handshake. An attacker could exploit this vulnerability by using data from the TLS client hello packet to communicate with a blocked external server. A successful exploit could be used to exfiltrate data from a protected network. The attacker must compromise a host on the network to exfiltrate the sensitive data.

The following Snort rule can be used to detect possible exploitation of this vulnerability: Snort SID 58062.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2021-34749
Source: Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability