cnvd - cnvd-2020-31112

CNVD-2020-31112

Vulnerability from cnvd - Published: 2020-06-02

Title

多款Cisco产品策略绕过漏洞

Description

Cisco 3000 Series Industrial Security Appliances等都是美国思科（Cisco）公司的产品。Cisco 3000 Series Industrial Security Appliances是一款3000系列防火墙设备。Cloud Services Router 1000V Series是一款1000v系列云服务路由器。Cisco 1000 Series Integrated Services Routers（ISRs）是一款1000系列集成多业务路由器。多款Cisco产品的Snort检查引擎中HTTP响应处理的方法存在策略绕过漏洞，远程攻击者可通过发送特制的HTTP数据包利用该漏洞绕过所配置的文件策略并向受保护的网络发送恶意的payload。

Severity

中

Patch Name

多款Cisco产品策略绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3315

Impacted products

Name
['Cisco Firepower Threat Defense Software', 'Cisco 4000 Series Integrated Services Routers', 'Cisco 3000 Series Industrial Security Appliances (ISA)', 'Cisco Cloud Services Router 1000V Series', 'Cisco Integrated Services Virtual Router', 'Cisco 1000 Series Integrated Services Routers']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3315"
    }
  },
  "description": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 3000 Series Industrial Security Appliances\u662f\u4e00\u6b3e3000\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Cloud Services Router 1000V Series\u662f\u4e00\u6b3e1000v\u7cfb\u5217\u4e91\u670d\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Integrated Services Routers\uff08ISRs\uff09\u662f\u4e00\u6b3e1000\u7cfb\u5217\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002\n\n\u591a\u6b3eCisco\u4ea7\u54c1\u7684Snort\u68c0\u67e5\u5f15\u64ce\u4e2dHTTP\u54cd\u5e94\u5904\u7406\u7684\u65b9\u6cd5\u5b58\u5728\u7b56\u7565\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6240\u914d\u7f6e\u7684\u6587\u4ef6\u7b56\u7565\u5e76\u5411\u53d7\u4fdd\u62a4\u7684\u7f51\u7edc\u53d1\u9001\u6076\u610f\u7684payload\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31112",
  "openTime": "2020-06-02",
  "patchDescription": "Cisco 3000 Series Industrial Security Appliances\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 3000 Series Industrial Security Appliances\u662f\u4e00\u6b3e3000\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002Cloud Services Router 1000V Series\u662f\u4e00\u6b3e1000v\u7cfb\u5217\u4e91\u670d\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Integrated Services Routers\uff08ISRs\uff09\u662f\u4e00\u6b3e1000\u7cfb\u5217\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u7684Snort\u68c0\u67e5\u5f15\u64ce\u4e2dHTTP\u54cd\u5e94\u5904\u7406\u7684\u65b9\u6cd5\u5b58\u5728\u7b56\u7565\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6240\u914d\u7f6e\u7684\u6587\u4ef6\u7b56\u7565\u5e76\u5411\u53d7\u4fdd\u62a4\u7684\u7f51\u7edc\u53d1\u9001\u6076\u610f\u7684payload\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1\u7b56\u7565\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Firepower Threat Defense Software",
      "Cisco 4000 Series Integrated Services Routers",
      "Cisco 3000 Series Industrial Security Appliances (ISA)",
      "Cisco Cloud Services Router 1000V Series",
      "Cisco Integrated Services Virtual Router",
      "Cisco 1000 Series Integrated Services Routers"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3315",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-07",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1\u7b56\u7565\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2020-3315 (GCVE-0-2020-3315)

Vulnerability from cvelistv5 – Published: 2020-05-06 16:40 – Updated: 2024-11-15 17:26

Title

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Summary

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-693

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://www.debian.org/security/2023/dsa-5354	vendor-advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Firepower Threat Defense Software	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200506 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP"
          },
          {
            "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
          },
          {
            "name": "DSA-5354",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5354"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:21:45.962425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:26:32.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-19T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200506 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP"
        },
        {
          "name": "[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html"
        },
        {
          "name": "DSA-5354",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5354"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snort_filepolbypass-m4X5DgOP",
        "defect": [
          [
            "CSCvr01675",
            "CSCvr82603",
            "CSCvt10151",
            "CSCvt28138"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3315",
    "datePublished": "2020-05-06T16:40:42.180942Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:26:32.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-31112

CVE-2020-3315 (GCVE-0-2020-3315)

Tags

Sightings

Nomenclature