What is CVE-2021-34749?

CVE-2021-34749 is a medium-severity vulnerability in Cisco Web Security Appliance (Wsa), classified under Information Disclosure. CVSS score: 5.8/10. Published 2021-08-18.

How severe is CVE-2021-34749?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Information disclosure in Cisco Web Security Appliance (Wsa)

CVE-2021-34749

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass fil…

Vulnerability class: Information Disclosure

EPSS: 0.022 (84.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Cisco Web Security Appliance (Wsa) — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20210818 Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability (vendor-advisory)
[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update (mailing-list)
DSA-5354 (vendor-advisory)

Frequently asked questions

What is CVE-2021-34749?: CVE-2021-34749 is a medium-severity vulnerability in Cisco Web Security Appliance (Wsa), classified under Information Disclosure. CVSS score: 5.8/10. Published 2021-08-18.
How severe is CVE-2021-34749?: Medium severity. CVSS v3 base score is 5.8 out of 10.