Cisco Firepower Threat Defense Software up to 7.3.1.1 Internal Packet Processing denial of service

Summaryinfo

A vulnerability classified as critical was found in Cisco Firepower Threat Defense Software. Affected by this vulnerability is an unknown functionality of the component Internal Packet Processing. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2023-20244. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Cisco Firepower Threat Defense Software (Firewall Software). Affected by this issue is an unknown function of the component Internal Packet Processing. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. CVE summarizes:

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state.

The weakness was shared 11/01/2023 as cisco-sa-ftd-intrusion-dos-DfT7wyGC. The advisory is shared for download at sec.cloudapps.cisco.com. This vulnerability is handled as CVE-2023-20244 since 10/27/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499.

Upgrading eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• Firepower Threat Defense Software

Version

• 6.2.3
• 6.2.3.1
• 6.2.3.2
• 6.2.3.3
• 6.2.3.4
• 6.2.3.5
• 6.2.3.6
• 6.2.3.7
• 6.2.3.8
• 6.2.3.9
• 6.2.3.10
• 6.2.3.11
• 6.2.3.12
• 6.2.3.13
• 6.2.3.14
• 6.2.3.15
• 6.2.3.16
• 6.2.3.17
• 6.2.3.18
• 6.4.0
• 6.4.0.1
• 6.4.0.2
• 6.4.0.3
• 6.4.0.4
• 6.4.0.5
• 6.4.0.6
• 6.4.0.7
• 6.4.0.8
• 6.4.0.9
• 6.4.0.10
• 6.4.0.11
• 6.4.0.12
• 6.4.0.13
• 6.4.0.14
• 6.4.0.15
• 6.4.0.16
• 6.6.0
• 6.6.0.1
• 6.6.1
• 6.6.3
• 6.6.4
• 6.6.5
• 6.6.5.1
• 6.6.5.2
• 6.6.7
• 6.6.7.1
• 6.7.0
• 6.7.0.1
• 6.7.0.2
• 6.7.0.3
• 7.0.0
• 7.0.0.1
• 7.0.1
• 7.0.1.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.4
• 7.0.5
• 7.1.0
• 7.1.0.1
• 7.1.0.3
• 7.2.0
• 7.2.0.1
• 7.2.1
• 7.2.2
• 7.2.3
• 7.3.0
• 7.3.1
• 7.3.1.1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion