Unauthorized Access to Network Policies Through TCP Intercept and Snort 3 Vulnerability
CVE-2024-20407

5.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Firepower Threat Defense Software
Vendor
CVE Published:
23 October 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability.

This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device.

Affected Version(s)

Cisco Firepower Threat Defense Software 6.2.3

Cisco Firepower Threat Defense Software 6.2.3.1

Cisco Firepower Threat Defense Software 6.2.3.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

.