Vulnerability in the Snort Detection Engine for Cisco Products
CVE-2022-20943

5.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2022

Badges

👾 Exploit Exists

Summary

Multiple security vulnerabilities exist in the Snort detection engine of various Cisco products, specifically in the handling of Server Message Block Version 2 (SMB2) traffic. They stem from ineffective management of system resources when the engine processes SMB2 packets, and unauthenticated attackers can exploit them. Successful exploitation could lead to a denial of service (DoS), as the Snort process may reload under certain conditions. Furthermore, if the 'preserve-connection' option is enabled (the default setting), attackers may bypass configured security policies and inject malicious payloads into the protected network. This affects products only when they are configured with Snort 3; those using Snort 2 remain unaffected. For further details, refer to Cisco's advisory.

Affected Version(s)

Cisco Cyber Vision 3.0.4

Cisco Cyber Vision 3.0.0

Cisco Cyber Vision 3.0.1

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
