CVE-2024-20363

22.05.2024, 17:16

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.8 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
cisco	CNA	5.8 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
cisco	firepower_threat_defense	7.4.0
cisco	unified_threat_defense_snort_intrusion_prevention_system_engine	17.6.4
cisco	unified_threat_defense_snort_intrusion_prevention_system_engine	17.6.5
cisco	unified_threat_defense_snort_intrusion_prevention_system_engine	17.12.1a:a
cisco	unified_threat_defense_snort_intrusion_prevention_system_engine	17.12.2
cisco	snort	3.0.0-233 ≤ 𝑥 < 3.1.69.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd