CVE-2021-34749 MEDIUM

CVE-2021-34749: Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

Vendor Cisco
Product Cisco Web Security Appliance (WSA)
Weakness CWE-200 · Info exposure
Published August 18, 2021
Last update November 7, 2024
View on NVD All CVEs

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

Key dates

02Disclosure timeline

August 18, 2021 CVE published
November 7, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-25591 WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability CVE-2026-45387 Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage) CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse CVE-2025-24884 kube-audit-rest's example logging configuration could disclose secret values in the audit log CVE-2024-35166 WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability