CVE-2022-20943

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.

 These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.

 Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information.

 Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
Heap Inspection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
ciscoCNA
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
ciscofirepower_threat_defense
7.0.0
ciscofirepower_threat_defense
7.0.0.1
ciscofirepower_threat_defense
7.0.1
ciscofirepower_threat_defense
7.0.1.1
ciscocyber_vision
3.0.0
ciscocyber_vision
3.0.1
ciscocyber_vision
3.0.2
ciscocyber_vision
3.0.3
ciscocyber_vision
3.0.5
ciscocyber_vision
3.0.6
ciscocyber_vision
3.1.0
ciscocyber_vision
3.1.1
ciscocyber_vision
3.1.2
ciscocyber_vision
3.2.0
ciscocyber_vision
3.2.1
ciscocyber_vision
3.2.2
ciscocyber_vision
3.2.3
ciscocyber_vision
3.2.4
ciscocyber_vision
4.0.0
ciscocyber_vision
4.0.1
ciscocyber_vision
4.0.2
ciscocyber_vision
4.0.3
ciscocyber_vision
4.1.0
ciscocyber_vision
4.1.1
ciscomeraki_mx_security_appliance_firmware
𝑥
< 16.6.7
ciscomeraki_mx_security_appliance_firmware
17.0 ≤
𝑥
< 17.11.1
ciscomeraki_mx_security_appliance_firmware
18.0 ≤
𝑥
< 18.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr