CVE-2023-20246
Key Information
- Vendor
- Cisco
- Status
- Cisco Firepower Threat Defense Software
- Cisco Umbrella Insights Virtual Appliance
- Vendor
- CVE Published:
- 1 November 2023
Badges
Summary
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.
Affected Version(s)
Cisco Firepower Threat Defense Software = 7.0.0
Cisco Firepower Threat Defense Software = 7.0.0.1
Cisco Firepower Threat Defense Software = 7.0.1
CVSS V3.1
Timeline
- 👾
Exploit exists.
Risk change from: 5.3 to: 5.8 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.