CVE-2023-20270
Vulnerability from cvelistv5
Published
2023-11-01 16:51
Modified
2024-08-02 09:05
Summary
A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ftd-smbsnort3-dos-pfOjOYUV",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:37.172Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ftd-smbsnort3-dos-pfOjOYUV",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-smbsnort3-dos-pfOjOYUV",
        "defects": [
          "CSCwe19286"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20270",
    "datePublished": "2023-11-01T16:51:13.156Z",
    "dateReserved": "2022-10-27T18:47:50.373Z",
    "dateUpdated": "2024-08-02T09:05:36.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20270\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-11-01T17:15:11.783\",\"lastModified\":\"2024-01-25T17:15:43.070\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interacci\u00f3n entre el preprocesador del protocolo Server Message Block (SMB) y el motor de detecci\u00f3n Snort 3 para el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto no autenticado omita las pol\u00edticas configuradas o provoque una Denegaci\u00f3n de Servicio (DoS) condici\u00f3n en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de errores incorrecta cuando el motor de detecci\u00f3n de Snort 3 procesa el tr\u00e1fico SMB. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un flujo de paquetes SMB manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el proceso Snort se recargue, lo que resultar\u00eda en una condici\u00f3n DoS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D619BF54-1BA9-45D0-A876-92D7010088A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469EA365-DED5-4436-AAC2-5553529DE700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D94F400-5A35-41F5-B37F-E9DA6F87ED8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5364CB94-BEA3-4E9A-A2F9-EE96A2D7F8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FD5D12-CF1A-4990-99B3-1840EFBA5611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F788D156-1F1F-4A08-848B-257BC4CCE000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"795ED164-7800-4D50-8E37-665BE30190D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B0664B8-1670-4F47-A01E-089D05A9618A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC0C3DC-4761-488A-90A9-6EA45EE61526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62EE065B-F8B6-4125-8486-B2EE0566B27A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:7.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5245DEF8-64BE-47C9-AA3C-DF3F7F92A89F\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.