CVE-2023-20071
Vulnerability from cvelistv5
Published
2023-11-01 17:07
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.
References
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Cisco | Cisco Firepower Threat Defense Software |
Version: 6.2.3 Version: 6.2.3.1 Version: 6.2.3.2 Version: 6.2.3.3 Version: 6.2.3.4 Version: 6.2.3.5 Version: 6.2.3.6 Version: 6.2.3.7 Version: 6.2.3.8 Version: 6.2.3.10 Version: 6.2.3.11 Version: 6.2.3.9 Version: 6.2.3.12 Version: 6.2.3.13 Version: 6.2.3.14 Version: 6.2.3.15 Version: 6.2.3.16 Version: 6.2.3.17 Version: 6.2.3.18 Version: 6.6.0 Version: 6.6.0.1 Version: 6.6.1 Version: 6.6.3 Version: 6.6.4 Version: 6.6.5 Version: 6.6.5.1 Version: 6.6.5.2 Version: 6.6.7 Version: 6.6.7.1 Version: 6.4.0 Version: 6.4.0.1 Version: 6.4.0.3 Version: 6.4.0.2 Version: 6.4.0.4 Version: 6.4.0.5 Version: 6.4.0.6 Version: 6.4.0.7 Version: 6.4.0.8 Version: 6.4.0.9 Version: 6.4.0.10 Version: 6.4.0.11 Version: 6.4.0.12 Version: 6.4.0.13 Version: 6.4.0.14 Version: 6.4.0.15 Version: 6.4.0.16 Version: 6.7.0 Version: 6.7.0.1 Version: 6.7.0.2 Version: 6.7.0.3 Version: 7.0.0 Version: 7.0.0.1 Version: 7.0.1 Version: 7.0.1.1 Version: 7.0.2 Version: 7.0.2.1 Version: 7.0.3 Version: 7.0.4 Version: 7.0.5 Version: 7.1.0 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.0.3 Version: 7.2.0 Version: 7.2.0.1 Version: 7.2.1 Version: 7.2.2 Version: 7.2.3 Version: 7.3.0 Version: 7.3.1 Version: 7.3.1.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-snort-ftd-zXYtnjOM", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Firepower Threat Defense Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.3.1" }, { "status": "affected", "version": "6.2.3.2" }, { "status": "affected", "version": "6.2.3.3" }, { "status": "affected", "version": "6.2.3.4" }, { "status": "affected", "version": "6.2.3.5" }, { "status": "affected", "version": "6.2.3.6" }, { "status": "affected", "version": "6.2.3.7" }, { "status": "affected", "version": "6.2.3.8" }, { "status": "affected", "version": "6.2.3.10" }, { "status": "affected", "version": "6.2.3.11" }, { "status": "affected", "version": "6.2.3.9" }, { "status": "affected", "version": "6.2.3.12" }, { "status": "affected", "version": "6.2.3.13" }, { "status": "affected", "version": "6.2.3.14" }, { "status": "affected", "version": "6.2.3.15" }, { "status": "affected", "version": "6.2.3.16" }, { "status": "affected", "version": "6.2.3.17" }, { "status": "affected", "version": "6.2.3.18" }, { "status": "affected", "version": "6.6.0" }, { "status": "affected", "version": "6.6.0.1" }, { "status": "affected", "version": "6.6.1" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.6.4" }, { "status": "affected", "version": "6.6.5" }, { "status": "affected", "version": "6.6.5.1" }, { "status": "affected", "version": "6.6.5.2" }, { "status": "affected", "version": "6.6.7" }, { "status": "affected", "version": "6.6.7.1" }, { "status": "affected", "version": "6.4.0" }, { "status": "affected", "version": "6.4.0.1" }, { "status": "affected", "version": "6.4.0.3" }, { "status": "affected", "version": "6.4.0.2" }, { "status": "affected", "version": "6.4.0.4" }, { "status": "affected", "version": "6.4.0.5" }, { "status": "affected", "version": "6.4.0.6" }, { "status": "affected", "version": "6.4.0.7" }, { "status": "affected", "version": "6.4.0.8" }, { "status": "affected", "version": "6.4.0.9" }, { "status": "affected", "version": "6.4.0.10" }, { "status": "affected", "version": "6.4.0.11" }, { "status": "affected", "version": "6.4.0.12" }, { "status": "affected", "version": "6.4.0.13" }, { "status": "affected", "version": "6.4.0.14" }, { "status": "affected", "version": "6.4.0.15" }, { "status": "affected", "version": "6.4.0.16" }, { "status": "affected", "version": "6.7.0" }, { "status": "affected", "version": "6.7.0.1" }, { "status": "affected", "version": "6.7.0.2" }, { "status": "affected", "version": "6.7.0.3" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.0.1" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.1.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.0.2.1" }, { "status": "affected", "version": "7.0.3" }, { "status": "affected", "version": "7.0.4" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.1.0" }, { "status": "affected", "version": "7.1.0.1" }, { "status": "affected", "version": "7.1.0.2" }, { "status": "affected", "version": "7.1.0.3" }, { "status": "affected", "version": "7.2.0" }, { "status": "affected", "version": "7.2.0.1" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "7.2.2" }, { "status": "affected", "version": "7.2.3" }, { "status": "affected", "version": "7.3.0" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.3.1.1" } ] }, { "product": "Cisco Umbrella Insights Virtual Appliance", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Cyber Vision", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.0.4" }, { "status": "affected", "version": "3.0.0" }, { "status": "affected", "version": "3.0.1" }, { "status": "affected", "version": "3.0.2" }, { "status": "affected", "version": "3.0.3" }, { "status": "affected", "version": "3.0.5" }, { "status": "affected", "version": "3.0.6" }, { "status": "affected", "version": "3.1.0" }, { "status": "affected", "version": "3.1.2" }, { "status": "affected", "version": "3.1.1" }, { "status": "affected", "version": "3.2.3" }, { "status": "affected", "version": "3.2.1" }, { "status": "affected", "version": "3.2.4" }, { "status": "affected", "version": "3.2.0" }, { "status": "affected", "version": "3.2.2" }, { "status": "affected", "version": "4.0.0" }, { "status": "affected", "version": "4.0.1" }, { "status": "affected", "version": "4.0.2" }, { "status": "affected", "version": "4.0.3" }, { "status": "affected", "version": "4.1.0" }, { "status": "affected", "version": "4.1.1" }, { "status": "affected", "version": "4.1.2" } ] }, { "product": "Cisco UTD SNORT IPS Engine Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7a" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "3.17.0S" }, { "status": "affected", "version": "3.17.1S" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "Fuji-16.9.2" }, { "status": "affected", "version": "Fuji-16.9.4" }, { "status": "affected", "version": "Fuji-16.9.6" }, { "status": "affected", "version": "Fuji-16.9.3" }, { "status": "affected", "version": "Fuji-16.9.7" }, { "status": "affected", "version": "Fuji-16.9.8" }, { "status": "affected", "version": "Fuji-16.9.5" }, { "status": "affected", "version": "Denali-16.3.3" }, { "status": "affected", "version": "Denali-16.3.9" }, { "status": "affected", "version": "Denali-16.3.7" }, { "status": "affected", "version": "Denali-16.3.5" }, { "status": "affected", "version": "Denali-16.3.4" }, { "status": "affected", "version": "Everest-16.6.3" }, { "status": "affected", "version": "Everest-16.6.4" }, { "status": "affected", "version": "Everest-16.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1039", "description": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:41.206Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-snort-ftd-zXYtnjOM", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM" } ], "source": { "advisory": "cisco-sa-snort-ftd-zXYtnjOM", "defects": [ "CSCwb69096", "CSCwd83613", "CSCwd09631", "CSCwe02137", "CSCwe57521" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20071", "datePublished": "2023-11-01T17:07:44.528Z", "dateReserved": "2022-10-27T18:47:50.328Z", "dateUpdated": "2024-08-02T08:57:35.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-20071\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-11-01T18:15:09.090\",\"lastModified\":\"2024-11-21T07:40:29.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.\"},{\"lang\":\"es\",\"value\":\"Varios productos de Cisco se ven afectados por una vulnerabilidad en el motor de detecci\u00f3n Snort que podr\u00eda permitir que un atacante remoto no autenticado omitir las pol\u00edticas configuradas en un sistema afectado. Esta vulnerabilidad se debe a una falla en el m\u00f3dulo FTP del motor de detecci\u00f3n de Snort. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico FTP manipulado a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante omitir la inspecci\u00f3n de FTP y entregar un payload maliciosa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1039\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.0.17\",\"matchCriteriaId\":\"C62E4A4C-EE6D-49B5-ADCC-21386CD9F2D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.0\",\"versionEndExcluding\":\"7.0.6\",\"matchCriteriaId\":\"F2A381B6-2AEF-4A0F-A151-8C3CEBBA7AC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.2.4\",\"matchCriteriaId\":\"BB0ABE0D-B90E-45BD-8978-DD6EBC863EC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0\",\"versionEndExcluding\":\"7.3.1.2\",\"matchCriteriaId\":\"233409FB-3D8D-41A9-BEC6-8A0E758717ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:snort:snort:2.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C27CF59-184F-4FFD-9CE8-87F2589EB5AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"7.0.5\",\"matchCriteriaId\":\"7792398D-F563-4441-900D-ABFECAA884AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.0.3\",\"matchCriteriaId\":\"0F64FDF4-9696-4FC8-9ADA-DF1727EF1A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.1\",\"matchCriteriaId\":\"F712E334-BA34-4D9C-9E72-DBEFCF9B0E66\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.32.0\",\"matchCriteriaId\":\"B5D0C2A5-A925-475B-8B2F-F8E3F27C0876\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:cyber_vision:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"CCA9E447-86A4-46AC-9D6B-55D6F8664488\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.3\",\"versionEndExcluding\":\"17.3.8\",\"matchCriteriaId\":\"BE0EDFC9-F9CD-487F-AB5C-38E8340BF427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.6\",\"matchCriteriaId\":\"85C85786-8BA2-4194-9A07-9F8E676E75C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.9\",\"versionEndExcluding\":\"17.9.4\",\"matchCriteriaId\":\"B50A5D29-0995-469D-86B8-0C5473FC54FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.11\",\"versionEndExcluding\":\"17.11.1a\",\"matchCriteriaId\":\"0DB2D2F1-FB90-485D-B6B4-B6E0A9351C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12\",\"versionEndExcluding\":\"17.12.1a\",\"matchCriteriaId\":\"FC04A2AB-CAAA-4723-90FD-C35CED76E029\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:meraki_mx_security_appliance_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C60FD7B-F41F-4307-B3F4-905E7B7C17AF\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.