CVE-2023-20246

5.8MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Firepower Threat Defense Software; Cisco Umbrella Insights Virtual Appliance
Vendor: CVE Published:; 1 November 2023

Badges

👾 Exploit Exists

Summary

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.

Affected Version(s)

Cisco Firepower Threat Defense Software = 7.0.0

Cisco Firepower Threat Defense Software = 7.0.0.1

Cisco Firepower Threat Defense Software = 7.0.1

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit exists.
Sep 6, 2024
Risk change from: 5.3 to: 5.8 - (MEDIUM)
Sep 6, 2024
Vulnerability published.
Nov 1, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database