Vulnerability-Lookup

BDU:2024-08896

Vulnerability from fstec - Published: 23.10.2024

Title

Уязвимость функции TCP Intercept и системы обнаружения вторжений Snort микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD), позволяющая нарушителю обойти ограничения безопасности и выполнить атаку SYN flood

Description

Уязвимость функции TCP Intercept и системы обнаружения вторжений Snort микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD) связана с ошибками управления ресурсами в результате некорректно настроенного значения Maximum Embryonic TCP-соединений. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти ограничения безопасности и выполнить атаку SYN flood

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Firepower Threat Defense

Software Version

6.2.3 (Firepower Threat Defense), 6.4.0 (Firepower Threat Defense), 6.2.3.16 (Firepower Threat Defense), 7.0.0 (Firepower Threat Defense), 7.2.0 (Firepower Threat Defense), 7.2.0.1 (Firepower Threat Defense), 6.6.0 (Firepower Threat Defense), 6.6.0.1 (Firepower Threat Defense), 6.6.1 (Firepower Threat Defense), 6.6.3 (Firepower Threat Defense), 6.6.4 (Firepower Threat Defense), 6.6.5 (Firepower Threat Defense), 6.6.5.1 (Firepower Threat Defense), 6.6.5.2 (Firepower Threat Defense), 7.0.0.1 (Firepower Threat Defense), 7.0.1 (Firepower Threat Defense), 7.0.1.1 (Firepower Threat Defense), 7.0.2 (Firepower Threat Defense), 7.0.2.1 (Firepower Threat Defense), 7.0.3 (Firepower Threat Defense), 7.0.4 (Firepower Threat Defense), 7.1.0.1 (Firepower Threat Defense), 7.1.0.2 (Firepower Threat Defense), 6.6.7 (Firepower Threat Defense), 7.0.5 (Firepower Threat Defense), 7.1.0.3 (Firepower Threat Defense), 7.2.1 (Firepower Threat Defense), 7.2.2 (Firepower Threat Defense), 7.2.3 (Firepower Threat Defense), 7.3.0 (Firepower Threat Defense), 7.3.1 (Firepower Threat Defense), 7.3.1.1 (Firepower Threat Defense), 7.2.4 (Firepower Threat Defense), 6.2.3.3 (Firepower Threat Defense), 6.2.3.4 (Firepower Threat Defense), 6.2.3.5 (Firepower Threat Defense), 6.2.3.6 (Firepower Threat Defense), 6.2.3.7 (Firepower Threat Defense), 6.2.3.8 (Firepower Threat Defense), 6.2.3.9 (Firepower Threat Defense), 6.2.3.10 (Firepower Threat Defense), 6.2.3.11 (Firepower Threat Defense), 6.2.3.12 (Firepower Threat Defense), 6.2.3.13 (Firepower Threat Defense), 6.2.3.14 (Firepower Threat Defense), 6.2.3.15 (Firepower Threat Defense), 6.2.3.17 (Firepower Threat Defense), 6.2.3.18 (Firepower Threat Defense), 6.4.0.1 (Firepower Threat Defense), 6.4.0.2 (Firepower Threat Defense), 6.4.0.3 (Firepower Threat Defense), 6.4.0.4 (Firepower Threat Defense), 6.4.0.5 (Firepower Threat Defense), 6.4.0.6 (Firepower Threat Defense), 6.4.0.7 (Firepower Threat Defense), 6.4.0.8 (Firepower Threat Defense), 6.4.0.9 (Firepower Threat Defense), 6.4.0.10 (Firepower Threat Defense), 6.4.0.11 (Firepower Threat Defense), 6.4.0.12 (Firepower Threat Defense), 6.4.0.13 (Firepower Threat Defense), 6.4.0.14 (Firepower Threat Defense), 6.4.0.15 (Firepower Threat Defense), 6.4.0.16 (Firepower Threat Defense), 6.6.7.1 (Firepower Threat Defense), 6.7.0 (Firepower Threat Defense), 6.7.0.1 (Firepower Threat Defense), 6.7.0.2 (Firepower Threat Defense), 6.7.0.3 (Firepower Threat Defense), 7.1.0 (Firepower Threat Defense), 6.2.3.1 (Firepower Threat Defense), 6.2.3.2 (Firepower Threat Defense), 7.0.6 (Firepower Threat Defense), 7.2.4.1 (Firepower Threat Defense), 7.2.5 (Firepower Threat Defense), 6.4.0.17 (Firepower Threat Defense), 7.0.6.1 (Firepower Threat Defense), 7.2.5.1 (Firepower Threat Defense), 7.4.0 (Firepower Threat Defense), 7.4.1 (Firepower Threat Defense), 7.3.1.2 (Firepower Threat Defense), 6.6.7.2 (Firepower Threat Defense), 7.0.6.2 (Firepower Threat Defense), 7.2.5.2 (Firepower Threat Defense), 7.2.8.1 (Firepower Threat Defense), 7.4.1.1 (Firepower Threat Defense), 6.4.0.18 (Firepower Threat Defense), 7.2.6 (Firepower Threat Defense), 7.2.7 (Firepower Threat Defense), 7.2.8 (Firepower Threat Defense)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX Компенсирующие меры: Рекомендуется отключить конфигурацию pkt-decode-optimization с помощью команды asp inspect-dp pkt-decode-optimization в интерфейсе командой строки: FTD# no asp inspect-dp pkt-decode-optimization FTD#

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/migrating.html

CWE

CWE-399

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.2.3 (Firepower Threat Defense), 6.4.0 (Firepower Threat Defense), 6.2.3.16 (Firepower Threat Defense), 7.0.0 (Firepower Threat Defense), 7.2.0 (Firepower Threat Defense), 7.2.0.1 (Firepower Threat Defense), 6.6.0 (Firepower Threat Defense), 6.6.0.1 (Firepower Threat Defense), 6.6.1 (Firepower Threat Defense), 6.6.3 (Firepower Threat Defense), 6.6.4 (Firepower Threat Defense), 6.6.5 (Firepower Threat Defense), 6.6.5.1 (Firepower Threat Defense), 6.6.5.2 (Firepower Threat Defense), 7.0.0.1 (Firepower Threat Defense), 7.0.1 (Firepower Threat Defense), 7.0.1.1 (Firepower Threat Defense), 7.0.2 (Firepower Threat Defense), 7.0.2.1 (Firepower Threat Defense), 7.0.3 (Firepower Threat Defense), 7.0.4 (Firepower Threat Defense), 7.1.0.1 (Firepower Threat Defense), 7.1.0.2 (Firepower Threat Defense), 6.6.7 (Firepower Threat Defense), 7.0.5 (Firepower Threat Defense), 7.1.0.3 (Firepower Threat Defense), 7.2.1 (Firepower Threat Defense), 7.2.2 (Firepower Threat Defense), 7.2.3 (Firepower Threat Defense), 7.3.0 (Firepower Threat Defense), 7.3.1 (Firepower Threat Defense), 7.3.1.1 (Firepower Threat Defense), 7.2.4 (Firepower Threat Defense), 6.2.3.3 (Firepower Threat Defense), 6.2.3.4 (Firepower Threat Defense), 6.2.3.5 (Firepower Threat Defense), 6.2.3.6 (Firepower Threat Defense), 6.2.3.7 (Firepower Threat Defense), 6.2.3.8 (Firepower Threat Defense), 6.2.3.9 (Firepower Threat Defense), 6.2.3.10 (Firepower Threat Defense), 6.2.3.11 (Firepower Threat Defense), 6.2.3.12 (Firepower Threat Defense), 6.2.3.13 (Firepower Threat Defense), 6.2.3.14 (Firepower Threat Defense), 6.2.3.15 (Firepower Threat Defense), 6.2.3.17 (Firepower Threat Defense), 6.2.3.18 (Firepower Threat Defense), 6.4.0.1 (Firepower Threat Defense), 6.4.0.2 (Firepower Threat Defense), 6.4.0.3 (Firepower Threat Defense), 6.4.0.4 (Firepower Threat Defense), 6.4.0.5 (Firepower Threat Defense), 6.4.0.6 (Firepower Threat Defense), 6.4.0.7 (Firepower Threat Defense), 6.4.0.8 (Firepower Threat Defense), 6.4.0.9 (Firepower Threat Defense), 6.4.0.10 (Firepower Threat Defense), 6.4.0.11 (Firepower Threat Defense), 6.4.0.12 (Firepower Threat Defense), 6.4.0.13 (Firepower Threat Defense), 6.4.0.14 (Firepower Threat Defense), 6.4.0.15 (Firepower Threat Defense), 6.4.0.16 (Firepower Threat Defense), 6.6.7.1 (Firepower Threat Defense), 6.7.0 (Firepower Threat Defense), 6.7.0.1 (Firepower Threat Defense), 6.7.0.2 (Firepower Threat Defense), 6.7.0.3 (Firepower Threat Defense), 7.1.0 (Firepower Threat Defense), 6.2.3.1 (Firepower Threat Defense), 6.2.3.2 (Firepower Threat Defense), 7.0.6 (Firepower Threat Defense), 7.2.4.1 (Firepower Threat Defense), 7.2.5 (Firepower Threat Defense), 6.4.0.17 (Firepower Threat Defense), 7.0.6.1 (Firepower Threat Defense), 7.2.5.1 (Firepower Threat Defense), 7.4.0 (Firepower Threat Defense), 7.4.1 (Firepower Threat Defense), 7.3.1.2 (Firepower Threat Defense), 6.6.7.2 (Firepower Threat Defense), 7.0.6.2 (Firepower Threat Defense), 7.2.5.2 (Firepower Threat Defense), 7.2.8.1 (Firepower Threat Defense), 7.4.1.1 (Firepower Threat Defense), 6.4.0.18 (Firepower Threat Defense), 7.2.6 (Firepower Threat Defense), 7.2.7 (Firepower Threat Defense), 7.2.8 (Firepower Threat Defense)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e pkt-decode-optimization \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b asp inspect-dp pkt-decode-optimization \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438:\n\nFTD# no asp inspect-dp pkt-decode-optimization\nFTD#",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-08896",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20407",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firepower Threat Defense",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. - - Cisco 3000 Series Industrial Security Appliances (ISA), Cisco Systems Inc. - - Cisco Firepower 2100 Series, Cisco Systems Inc. - - Cisco ASA 5500-X Series, Cisco Systems Inc. - - Cisco Firepower 4100 Series, Cisco Systems Inc. - - Cisco Firepower 1000 Series, Cisco Systems Inc. - - Cisco Firepower 9000 Series, Cisco Systems Inc. - - Cisco Secure Firewall 3100 Series, Cisco Systems Inc. - - Cisco Secure Firewall 4200 Series, Cisco Systems Inc. - - Cisco Secure Firewall Threat Defense Virtual",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TCP Intercept \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 Snort \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Firepower Threat Defense (FTD), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 SYN flood",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TCP Intercept \u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 Snort \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 Cisco Firepower Threat Defense (FTD) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f Maximum Embryonic TCP-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 SYN flood",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX\nhttps://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/threat_defense_service_policies.html\nhttps://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/migrating.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-399",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)"
}

CVE-2024-20407 (GCVE-0-2024-20407)

Vulnerability from cvelistv5 – Published: 2024-10-23 17:36 – Updated: 2024-10-24 16:09

Summary

A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability. This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-399 - Resource Management Errors

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Firepower Threat Defense Software	Affected: 6.2.3 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.2.3.3 Affected: 6.2.3.4 Affected: 6.2.3.5 Affected: 6.2.3.6 Affected: 6.2.3.7 Affected: 6.2.3.8 Affected: 6.2.3.10 Affected: 6.2.3.11 Affected: 6.2.3.9 Affected: 6.2.3.12 Affected: 6.2.3.13 Affected: 6.2.3.14 Affected: 6.2.3.15 Affected: 6.2.3.16 Affected: 6.2.3.17 Affected: 6.2.3.18 Affected: 6.6.0 Affected: 6.6.0.1 Affected: 6.6.1 Affected: 6.6.3 Affected: 6.6.4 Affected: 6.6.5 Affected: 6.6.5.1 Affected: 6.6.5.2 Affected: 6.6.7 Affected: 6.6.7.1 Affected: 6.6.7.2 Affected: 6.4.0 Affected: 6.4.0.1 Affected: 6.4.0.3 Affected: 6.4.0.2 Affected: 6.4.0.4 Affected: 6.4.0.5 Affected: 6.4.0.6 Affected: 6.4.0.7 Affected: 6.4.0.8 Affected: 6.4.0.9 Affected: 6.4.0.10 Affected: 6.4.0.11 Affected: 6.4.0.12 Affected: 6.4.0.13 Affected: 6.4.0.14 Affected: 6.4.0.15 Affected: 6.4.0.16 Affected: 6.4.0.17 Affected: 6.4.0.18 Affected: 6.7.0 Affected: 6.7.0.1 Affected: 6.7.0.2 Affected: 6.7.0.3 Affected: 7.0.0 Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.0.1.1 Affected: 7.0.2 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.0.4 Affected: 7.0.5 Affected: 7.0.6 Affected: 7.0.6.1 Affected: 7.0.6.2 Affected: 7.1.0 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.2.0 Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.2.4 Affected: 7.2.4.1 Affected: 7.2.5 Affected: 7.2.5.1 Affected: 7.2.6 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.2.8 Affected: 7.2.8.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.3.1.1 Affected: 7.3.1.2 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.4.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firepower_threat_defense_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "6.2.3.18",
                "status": "affected",
                "version": "6.2.3",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.4.0.18",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.6.7.2",
                "status": "affected",
                "version": "6.6.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.7.0.3",
                "status": "affected",
                "version": "6.7.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.6.2",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.1.0.3",
                "status": "affected",
                "version": "7.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.2.8.1",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.3.1.2",
                "status": "affected",
                "version": "7.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.4.1.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20407",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T18:45:15.554948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T16:09:41.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.3.2"
            },
            {
              "status": "affected",
              "version": "6.2.3.3"
            },
            {
              "status": "affected",
              "version": "6.2.3.4"
            },
            {
              "status": "affected",
              "version": "6.2.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.3.6"
            },
            {
              "status": "affected",
              "version": "6.2.3.7"
            },
            {
              "status": "affected",
              "version": "6.2.3.8"
            },
            {
              "status": "affected",
              "version": "6.2.3.10"
            },
            {
              "status": "affected",
              "version": "6.2.3.11"
            },
            {
              "status": "affected",
              "version": "6.2.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3.12"
            },
            {
              "status": "affected",
              "version": "6.2.3.13"
            },
            {
              "status": "affected",
              "version": "6.2.3.14"
            },
            {
              "status": "affected",
              "version": "6.2.3.15"
            },
            {
              "status": "affected",
              "version": "6.2.3.16"
            },
            {
              "status": "affected",
              "version": "6.2.3.17"
            },
            {
              "status": "affected",
              "version": "6.2.3.18"
            },
            {
              "status": "affected",
              "version": "6.6.0"
            },
            {
              "status": "affected",
              "version": "6.6.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "6.6.5"
            },
            {
              "status": "affected",
              "version": "6.6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.5.2"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "6.6.7.1"
            },
            {
              "status": "affected",
              "version": "6.6.7.2"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.3"
            },
            {
              "status": "affected",
              "version": "6.4.0.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.4"
            },
            {
              "status": "affected",
              "version": "6.4.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0.6"
            },
            {
              "status": "affected",
              "version": "6.4.0.7"
            },
            {
              "status": "affected",
              "version": "6.4.0.8"
            },
            {
              "status": "affected",
              "version": "6.4.0.9"
            },
            {
              "status": "affected",
              "version": "6.4.0.10"
            },
            {
              "status": "affected",
              "version": "6.4.0.11"
            },
            {
              "status": "affected",
              "version": "6.4.0.12"
            },
            {
              "status": "affected",
              "version": "6.4.0.13"
            },
            {
              "status": "affected",
              "version": "6.4.0.14"
            },
            {
              "status": "affected",
              "version": "6.4.0.15"
            },
            {
              "status": "affected",
              "version": "6.4.0.16"
            },
            {
              "status": "affected",
              "version": "6.4.0.17"
            },
            {
              "status": "affected",
              "version": "6.4.0.18"
            },
            {
              "status": "affected",
              "version": "6.7.0"
            },
            {
              "status": "affected",
              "version": "6.7.0.1"
            },
            {
              "status": "affected",
              "version": "6.7.0.2"
            },
            {
              "status": "affected",
              "version": "6.7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            },
            {
              "status": "affected",
              "version": "7.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.2"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability. \r\n\r This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "Resource Management Errors",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T17:36:40.728Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-snort-bypass-PTry37fX",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-bypass-PTry37fX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snort-bypass-PTry37fX",
        "defects": [
          "CSCwi42291"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20407",
    "datePublished": "2024-10-23T17:36:40.728Z",
    "dateReserved": "2023-11-08T15:08:07.661Z",
    "dateUpdated": "2024-10-24T16:09:41.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-08896

CVE-2024-20407 (GCVE-0-2024-20407)

Tags

Sightings

Nomenclature