Home > Vulnerability Database > CVE-2021-40114

Mend.io Vulnerability Database

CVE-2021-40114

Date: October 27, 2021

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-40114

Url: https://security.alpinelinux.org/vuln/CVE-2021-40114

Url: https://www.debian.org/security/2023/dsa-5354

Url: https://security-tracker.debian.org/tracker/CVE-2021-40114

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

Url: https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html

Url: https://www.mend.io/vulnerability-database/CVE-2021-40114

Severity Score

7.5

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-40114

Date: October 27, 2021

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?