Cisco Snort Detection Engine Vulnerability Could Lead to DoS Conditions
CVE-2022-20685

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Cyber Vision
Cisco Firepower Threat Defense Software
Cisco Utd Snort Ips Engine Software
Vendor
CVE Published:
15 November 2024

Badges

👾 Exploit Exists

Summary

A vulnerability exists within the Modbus preprocessor of the Snort detection engine which could enable an unauthenticated remote attacker to exploit the device, resulting in a denial of service condition. The root cause lies in an integer overflow that occurs when the system processes Modbus traffic. By sending specially crafted Modbus messages, an attacker can induce the Snort process to become unresponsive, leading to a halt in traffic inspection. Cisco has issued software updates addressing this vulnerability, with no applicable workarounds available.

Affected Version(s)

Cisco Cyber Vision 3.0.0

Cisco Cyber Vision 3.0.2

Cisco Cyber Vision 3.0.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.