Multiple Vulnerabilities in Cisco's Snort Detection Engine Affecting SMB2 Traffic
CVE-2022-20922

5.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Firepower Threat Defense Software
Cisco Umbrella Insights Virtual Appliance
Cisco Cyber Vision
Vendor
CVE Published:
15 November 2022

Badges

đź‘ľ Exploit Exists

Summary

Multiple vulnerabilities within the Server Message Block Version 2 (SMB2) processing capabilities of Cisco's Snort detection engine could be exploited by an unauthenticated remote attacker. By sending a high volume of specific SMB2 packets, attackers can disrupt the service by forcing the Snort process to reload, leading to a denial of service (DoS) condition. Furthermore, if the Snort preserve-connection option is enabled—default for Snort 3—attackers may also bypass existing security policies, allowing malicious payloads to infiltrate the protected network.

Affected Version(s)

Cisco Cyber Vision 3.0.4

Cisco Cyber Vision 3.0.0

Cisco Cyber Vision 3.0.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • đź‘ľ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.