Search criteria
6 vulnerabilities found for unified_threat_defense_snort_intrusion_prevention_system_engine by cisco
CVE-2022-20685 (GCVE-0-2022-20685)
Vulnerability from nvd – Published: 2024-11-15 15:36 – Updated: 2025-01-27 17:48
VLAI?
Title
Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
Summary
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Cyber Vision |
Affected:
3.0.0
Affected: 3.0.2 Affected: 3.0.3 Affected: 3.0.1 Affected: 3.1.0 Affected: 3.0.4 Affected: 3.1.1 Affected: 3.1.2 Affected: 3.2.0 Affected: 3.0.5 Affected: 3.2.1 Affected: 3.0.6 Affected: 3.2.2 Affected: 3.2.3 Affected: 3.2.4 Affected: 4.0.0 Affected: 4.0.1 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-20685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:20:05.316414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:48:32.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Cyber Vision",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "6.7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "Fuji-16.9.5"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "Fuji-16.9.6"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "Fuji-16.9.3"
},
{
"status": "affected",
"version": "Denali-16.3.7"
},
{
"status": "affected",
"version": "Fuji-16.9.2"
},
{
"status": "affected",
"version": "Fuji-16.9.4"
},
{
"status": "affected",
"version": "Everest-16.6.4"
},
{
"status": "affected",
"version": "Everest-16.6.3"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "Denali-16.3.5"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "Everest-16.6.2"
},
{
"status": "affected",
"version": "16.6.7a"
},
{
"status": "affected",
"version": "Denali-16.3.4"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "Denali-16.3.9"
},
{
"status": "affected",
"version": "Denali-16.3.3"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "Fuji-16.9.7"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "Fuji-16.9.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThis vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:36:31.261Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-dos-9D3hJLuj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
],
"source": {
"advisory": "cisco-sa-snort-dos-9D3hJLuj",
"defects": [
"CSCvz27235"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Cisco Products Snort Modbus Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20685",
"datePublished": "2024-11-15T15:36:31.261Z",
"dateReserved": "2021-11-02T13:28:29.055Z",
"dateUpdated": "2025-01-27T17:48:32.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20508 (GCVE-0-2024-20508)
Vulnerability from nvd – Published: 2024-09-25 16:19 – Updated: 2024-11-12 15:03
VLAI?
Title
Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability
Summary
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
Severity ?
5.8 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco UTD SNORT IPS Engine Software |
Affected:
17.12.1a
Affected: 17.12.2 Affected: 17.13.1a Affected: 17.12.3 Affected: 17.12.3a Affected: 17.15.1a Affected: 17.9.5a Affected: 17.6.1a Affected: 17.8.1a Affected: 17.6.2 Affected: 17.7.2 Affected: 17.12.4 Affected: 17.14.1a Affected: 17.11.1a Affected: 17.7.1a Affected: 17.6.6 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:cisco_utd_snort_ips_engine_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cisco_utd_snort_ips_engine_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:37:27.398761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:03:36.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:19:39.387Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-utd-snort3-dos-bypas-b4OUEwxD"
}
],
"source": {
"advisory": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"defects": [
"CSCwj21273"
],
"discovery": "INTERNAL"
},
"title": "Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20508",
"datePublished": "2024-09-25T16:19:39.387Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2024-11-12T15:03:36.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20363 (GCVE-0-2024-20363)
Vulnerability from nvd – Published: 2024-05-22 16:52 – Updated: 2024-08-01 21:59
VLAI?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
Severity ?
5.8 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.4.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.1a:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.2:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:52:45.758246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:03.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:52:53.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"source": {
"advisory": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"defects": [
"CSCwh22565",
"CSCwh73244"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20363",
"datePublished": "2024-05-22T16:52:53.274Z",
"dateReserved": "2023-11-08T15:08:07.651Z",
"dateUpdated": "2024-08-01T21:59:42.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20685 (GCVE-0-2022-20685)
Vulnerability from cvelistv5 – Published: 2024-11-15 15:36 – Updated: 2025-01-27 17:48
VLAI?
Title
Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
Summary
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Cyber Vision |
Affected:
3.0.0
Affected: 3.0.2 Affected: 3.0.3 Affected: 3.0.1 Affected: 3.1.0 Affected: 3.0.4 Affected: 3.1.1 Affected: 3.1.2 Affected: 3.2.0 Affected: 3.0.5 Affected: 3.2.1 Affected: 3.0.6 Affected: 3.2.2 Affected: 3.2.3 Affected: 3.2.4 Affected: 4.0.0 Affected: 4.0.1 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-20685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:20:05.316414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:48:32.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Cyber Vision",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "6.7.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "Fuji-16.9.5"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "Fuji-16.9.6"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "Fuji-16.9.3"
},
{
"status": "affected",
"version": "Denali-16.3.7"
},
{
"status": "affected",
"version": "Fuji-16.9.2"
},
{
"status": "affected",
"version": "Fuji-16.9.4"
},
{
"status": "affected",
"version": "Everest-16.6.4"
},
{
"status": "affected",
"version": "Everest-16.6.3"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "Denali-16.3.5"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "Everest-16.6.2"
},
{
"status": "affected",
"version": "16.6.7a"
},
{
"status": "affected",
"version": "Denali-16.3.4"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "Denali-16.3.9"
},
{
"status": "affected",
"version": "Denali-16.3.3"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "Fuji-16.9.7"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "Fuji-16.9.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThis vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:36:31.261Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort-dos-9D3hJLuj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention\u003c/strong\u003e: Simplifying the Cisco\u0026nbsp;portfolio includes the renaming of security products under one brand: Cisco\u0026nbsp;Secure. For more information, see \u003ca href=\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"\u003eMeet Cisco\u0026nbsp;Secure",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
],
"source": {
"advisory": "cisco-sa-snort-dos-9D3hJLuj",
"defects": [
"CSCvz27235"
],
"discovery": "EXTERNAL"
},
"title": "Multiple Cisco Products Snort Modbus Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20685",
"datePublished": "2024-11-15T15:36:31.261Z",
"dateReserved": "2021-11-02T13:28:29.055Z",
"dateUpdated": "2025-01-27T17:48:32.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20508 (GCVE-0-2024-20508)
Vulnerability from cvelistv5 – Published: 2024-09-25 16:19 – Updated: 2024-11-12 15:03
VLAI?
Title
Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability
Summary
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
Severity ?
5.8 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco UTD SNORT IPS Engine Software |
Affected:
17.12.1a
Affected: 17.12.2 Affected: 17.13.1a Affected: 17.12.3 Affected: 17.12.3a Affected: 17.15.1a Affected: 17.9.5a Affected: 17.6.1a Affected: 17.8.1a Affected: 17.6.2 Affected: 17.7.2 Affected: 17.12.4 Affected: 17.14.1a Affected: 17.11.1a Affected: 17.7.1a Affected: 17.6.6 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:cisco_utd_snort_ips_engine_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cisco_utd_snort_ips_engine_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:37:27.398761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:03:36.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:19:39.387Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-utd-snort3-dos-bypas-b4OUEwxD"
}
],
"source": {
"advisory": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"defects": [
"CSCwj21273"
],
"discovery": "INTERNAL"
},
"title": "Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20508",
"datePublished": "2024-09-25T16:19:39.387Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2024-11-12T15:03:36.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20363 (GCVE-0-2024-20363)
Vulnerability from cvelistv5 – Published: 2024-05-22 16:52 – Updated: 2024-08-01 21:59
VLAI?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
Severity ?
5.8 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.4.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.6.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.1a:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.1a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:snort_intrusion_prevention_system:17.12.2:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "snort_intrusion_prevention_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:52:45.758246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:03.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.4.0"
}
]
},
{
"product": "Cisco UTD SNORT IPS Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T16:52:53.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd"
}
],
"source": {
"advisory": "cisco-sa-snort3-ips-bypass-uE69KBMd",
"defects": [
"CSCwh22565",
"CSCwh73244"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20363",
"datePublished": "2024-05-22T16:52:53.274Z",
"dateReserved": "2023-11-08T15:08:07.651Z",
"dateUpdated": "2024-08-01T21:59:42.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}