Search criteria
7 vulnerabilities found for snort by cisco
VAR-202110-1352
Vulnerability from variot - Updated: 2025-07-07 21:42Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. plural Cisco products and Snort Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "snort",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.1"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.13"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.3"
},
{
"model": "snort",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.0.100"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "snort",
"scope": null,
"trust": 0.8,
"vendor": "snort",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"cve": "CVE-2021-40116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-40116",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-401509",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40116",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40116",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-40116",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@cisco.com",
"id": "CVE-2021-40116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40116",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-401509",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40116",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. plural Cisco products and Snort Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40116",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021102918",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3600",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-401509",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-40116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"id": "VAR-202110-1352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
}
],
"trust": 0.01
},
"last_update_date": "2025-07-07T21:42:43.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.snort.org/"
},
{
"title": "Cisco Products Snort Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167516"
},
{
"title": "Cisco: Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-snort-dos-RywH7ezM"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-241",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snort-dos-rywh7ezm"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40116"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3600"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102918"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/snort-denial-of-service-via-block-with-reset-36734"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-401509"
},
{
"date": "2021-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"date": "2022-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"date": "2021-10-27T19:15:08.717000",
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-401509"
},
{
"date": "2021-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"date": "2022-10-12T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"date": "2025-07-07T12:40:02.540000",
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Cisco\u00a0 products and \u00a0Snort\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
],
"trust": 0.6
}
}
CVE-2024-20342 (GCVE-0-2024-20342)
Vulnerability from nvd – Published: 2024-10-23 17:09 – Updated: 2025-01-13 17:46
VLAI?
Title
Cisco Firepower Threat Defense Software Rate Filter Bypass Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.
This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.
Severity ?
5.8 (Medium)
CWE
- CWE-1025 - Comparison Using Wrong Factors
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.0.0
Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.1.0 Affected: 7.0.1.1 Affected: 7.1.0.1 Affected: 7.0.2 Affected: 7.2.0 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.1.0.2 Affected: 7.2.0.1 Affected: 7.0.4 Affected: 7.2.1 Affected: 7.0.5 Affected: 7.3.0 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.3.1 Affected: 7.1.0.3 Affected: 7.2.4 Affected: 7.0.6 Affected: 7.2.5 Affected: 7.2.4.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 7.0.6.1 Affected: 7.2.5.1 Affected: 7.4.1 Affected: 7.4.1.1 Affected: 7.2.5.2 Affected: 7.3.1.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.4.1.1",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T18:42:45.746828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T15:08:36.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.\u0026nbsp;\r\n\r\nThis vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1025",
"description": "Comparison Using Wrong Factors",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:46:29.797Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-rf-bypass-OY8f3pnM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM"
}
],
"source": {
"advisory": "cisco-sa-snort-rf-bypass-OY8f3pnM",
"defects": [
"CSCwf93293"
],
"discovery": "INTERNAL"
},
"title": "Cisco Firepower Threat Defense Software Rate Filter Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20342",
"datePublished": "2024-10-23T17:09:27.934Z",
"dateReserved": "2023-11-08T15:08:07.643Z",
"dateUpdated": "2025-01-13T17:46:29.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20363 (GCVE-0-2024-20363)
Vulnerability from nvd – Published: 2024-05-22 16:52 – Updated: 2024-08-01 21:59
VLAI?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
Severity ?
5.8 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.4.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.1a:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.2:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:52:45.758246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:03.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:52:53.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"source": {
"advisory": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"defects": [
"CSCwh22565",
"CSCwh73244"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20363",
"datePublished": "2024-05-22T16:52:53.274Z",
"dateReserved": "2023-11-08T15:08:07.651Z",
"dateUpdated": "2024-08-01T21:59:42.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40116 (GCVE-0-2021-40116)
Vulnerability from nvd – Published: 2021-10-27 18:56 – Updated: 2024-11-07 21:45
VLAI?
Title
Multiple Cisco Products Snort Rule Denial of Service Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-40116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:44:24.760230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:45:31.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-241",
"description": "CWE-241",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T18:56:42",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
],
"source": {
"advisory": "cisco-sa-snort-dos-RywH7ezM",
"defect": [
[
"CSCvy66065"
]
],
"discovery": "INTERNAL"
},
"title": "Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-27T16:00:00",
"ID": "CVE-2021-40116",
"STATE": "PUBLIC",
"TITLE": "Multiple Cisco Products Snort Rule Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-241"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
]
},
"source": {
"advisory": "cisco-sa-snort-dos-RywH7ezM",
"defect": [
[
"CSCvy66065"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-40116",
"datePublished": "2021-10-27T18:56:42.934548Z",
"dateReserved": "2021-08-25T00:00:00",
"dateUpdated": "2024-11-07T21:45:31.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20342 (GCVE-0-2024-20342)
Vulnerability from cvelistv5 – Published: 2024-10-23 17:09 – Updated: 2025-01-13 17:46
VLAI?
Title
Cisco Firepower Threat Defense Software Rate Filter Bypass Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.
This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.
Severity ?
5.8 (Medium)
CWE
- CWE-1025 - Comparison Using Wrong Factors
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.0.0
Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.1.0 Affected: 7.0.1.1 Affected: 7.1.0.1 Affected: 7.0.2 Affected: 7.2.0 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.1.0.2 Affected: 7.2.0.1 Affected: 7.0.4 Affected: 7.2.1 Affected: 7.0.5 Affected: 7.3.0 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.3.1 Affected: 7.1.0.3 Affected: 7.2.4 Affected: 7.0.6 Affected: 7.2.5 Affected: 7.2.4.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 7.0.6.1 Affected: 7.2.5.1 Affected: 7.4.1 Affected: 7.4.1.1 Affected: 7.2.5.2 Affected: 7.3.1.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.4.1.1",
"status": "affected",
"version": "6.7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T18:42:45.746828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T15:08:36.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.\u0026nbsp;\r\n\r\nThis vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1025",
"description": "Comparison Using Wrong Factors",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:46:29.797Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-rf-bypass-OY8f3pnM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM"
}
],
"source": {
"advisory": "cisco-sa-snort-rf-bypass-OY8f3pnM",
"defects": [
"CSCwf93293"
],
"discovery": "INTERNAL"
},
"title": "Cisco Firepower Threat Defense Software Rate Filter Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20342",
"datePublished": "2024-10-23T17:09:27.934Z",
"dateReserved": "2023-11-08T15:08:07.643Z",
"dateUpdated": "2025-01-13T17:46:29.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20363 (GCVE-0-2024-20363)
Vulnerability from cvelistv5 – Published: 2024-05-22 16:52 – Updated: 2024-08-01 21:59
VLAI?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
Severity ?
5.8 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.4.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.1a:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.2:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:52:45.758246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:03.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:52:53.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"source": {
"advisory": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"defects": [
"CSCwh22565",
"CSCwh73244"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20363",
"datePublished": "2024-05-22T16:52:53.274Z",
"dateReserved": "2023-11-08T15:08:07.651Z",
"dateUpdated": "2024-08-01T21:59:42.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40116 (GCVE-0-2021-40116)
Vulnerability from cvelistv5 – Published: 2021-10-27 18:56 – Updated: 2024-11-07 21:45
VLAI?
Title
Multiple Cisco Products Snort Rule Denial of Service Vulnerability
Summary
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-40116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:44:24.760230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:45:31.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-241",
"description": "CWE-241",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T18:56:42",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
],
"source": {
"advisory": "cisco-sa-snort-dos-RywH7ezM",
"defect": [
[
"CSCvy66065"
]
],
"discovery": "INTERNAL"
},
"title": "Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-27T16:00:00",
"ID": "CVE-2021-40116",
"STATE": "PUBLIC",
"TITLE": "Multiple Cisco Products Snort Rule Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-241"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211027 Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM"
}
]
},
"source": {
"advisory": "cisco-sa-snort-dos-RywH7ezM",
"defect": [
[
"CSCvy66065"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-40116",
"datePublished": "2021-10-27T18:56:42.934548Z",
"dateReserved": "2021-08-25T00:00:00",
"dateUpdated": "2024-11-07T21:45:31.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}