Bypass Vulnerability in Cisco Snort Intrusion Prevention System
CVE-2024-20363
Currently unrated
Summary
A vulnerability in the rule engine of the Snort Intrusion Prevention System (IPS), used in multiple Cisco products, could be exploited by an unauthenticated remote attacker. The issue stems from inadequate handling of malformed HTTP packets, which lets an attacker bypass the IPS rules in place. By sending crafted HTTP requests through a vulnerable system, an attacker could cause uninspected traffic to reach the network, potentially undermining the security controls the IPS is meant to enforce. Organizations using affected Cisco Snort IPS versions should assess their risk and apply applicable updates.
Timeline
- 📰 First article discovered by Rewterz
- Vulnerability published