CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.4 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in Cisco Cyber Vision, FirePOWER Services, Firepower Threat Defense, Meraki MX Security Appliances and Umbrella Secure Internet Gateway (Firewall Software). It affects an unknown functionality of the component Snort Detection Engine. Manipulation with an unknown input leads to a heap inspection vulnerability, which CWE classifies as CWE-244: using realloc() to resize buffers that store sensitive information can leave that information exposed to attack, because it is not removed from memory. The impact is on availability. The CVE summary reads:
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
The weakness was disclosed on 11/16/2022 as advisory cisco-sa-snort-smb-3nfhJtr. The advisory is available at tools.cisco.com. This vulnerability has been handled as CVE-2022-20943 since 11/02/2021. The technical details are unknown and an exploit is not available.
Upgrading eliminates this vulnerability.
An entry connected to this vulnerability is available at VDB-213294.
Product
Name
- Cyber Vision
- FirePOWER Services
- Firepower Threat Defense
- Meraki MX Security Appliances
- Umbrella Secure Internet Gateway
CVSSv3
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
CNA Base Score (Cisco Systems, Inc.): 5.8
Exploiting
Class: Heap inspection
CWE: CWE-244
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Timeline
11/02/2021
11/16/2022
11/16/2022
11/16/2022
Sources
Vendor: cisco.com
Advisory: cisco-sa-snort-smb-3nfhJtr
Status: Confirmed
CVE: CVE-2022-20943
Entry
Created: 11/16/2022 06:56 AM
Changes: 11/16/2022 06:56 AM (50)