Multiple Vulnerabilities in Cisco's Snort Detection Engine Affecting SMB2 Traffic
CVE-2022-20922

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower Threat Defense Software; Cisco Umbrella Insights Virtual Appliance; Cisco Cyber Vision
Vendor: CVE Published:; 15 November 2022

Badges

👾 Exploit Exists

What is CVE-2022-20922?

Multiple vulnerabilities within the Server Message Block Version 2 (SMB2) processing capabilities of Cisco's Snort detection engine could be exploited by an unauthenticated remote attacker. By sending a high volume of specific SMB2 packets, attackers can disrupt the service by forcing the Snort process to reload, leading to a denial of service (DoS) condition. Furthermore, if the Snort preserve-connection option is enabled—default for Snort 3—attackers may also bypass existing security policies, allowing malicious payloads to infiltrate the protected network.

Affected Version(s)

Cisco Cyber Vision 3.0.4

Cisco Cyber Vision 3.0.0

Cisco Cyber Vision 3.0.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Nov 2, 2021