Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20071

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-01 Nov, 2023 | 17:07
Updated At-02 Aug, 2024 | 08:57
Rejected At-
Credits

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:01 Nov, 2023 | 17:07
Updated At:02 Aug, 2024 | 08:57
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Firepower Threat Defense Software
Versions
Affected
  • 6.2.3
  • 6.2.3.1
  • 6.2.3.2
  • 6.2.3.3
  • 6.2.3.4
  • 6.2.3.5
  • 6.2.3.6
  • 6.2.3.7
  • 6.2.3.8
  • 6.2.3.10
  • 6.2.3.11
  • 6.2.3.9
  • 6.2.3.12
  • 6.2.3.13
  • 6.2.3.14
  • 6.2.3.15
  • 6.2.3.16
  • 6.2.3.17
  • 6.2.3.18
  • 6.6.0
  • 6.6.0.1
  • 6.6.1
  • 6.6.3
  • 6.6.4
  • 6.6.5
  • 6.6.5.1
  • 6.6.5.2
  • 6.6.7
  • 6.6.7.1
  • 6.4.0
  • 6.4.0.1
  • 6.4.0.3
  • 6.4.0.2
  • 6.4.0.4
  • 6.4.0.5
  • 6.4.0.6
  • 6.4.0.7
  • 6.4.0.8
  • 6.4.0.9
  • 6.4.0.10
  • 6.4.0.11
  • 6.4.0.12
  • 6.4.0.13
  • 6.4.0.14
  • 6.4.0.15
  • 6.4.0.16
  • 6.7.0
  • 6.7.0.1
  • 6.7.0.2
  • 6.7.0.3
  • 7.0.0
  • 7.0.0.1
  • 7.0.1
  • 7.0.1.1
  • 7.0.2
  • 7.0.2.1
  • 7.0.3
  • 7.0.4
  • 7.0.5
  • 7.1.0
  • 7.1.0.1
  • 7.1.0.2
  • 7.1.0.3
  • 7.2.0
  • 7.2.0.1
  • 7.2.1
  • 7.2.2
  • 7.2.3
  • 7.3.0
  • 7.3.1
  • 7.3.1.1
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Umbrella Insights Virtual Appliance
Versions
Affected
  • N/A
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Cyber Vision
Versions
Affected
  • 3.0.4
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.0.3
  • 3.0.5
  • 3.0.6
  • 3.1.0
  • 3.1.2
  • 3.1.1
  • 3.2.3
  • 3.2.1
  • 3.2.4
  • 3.2.0
  • 3.2.2
  • 4.0.0
  • 4.0.1
  • 4.0.2
  • 4.0.3
  • 4.1.0
  • 4.1.1
  • 4.1.2
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco UTD SNORT IPS Engine Software
Versions
Affected
  • 16.12.1a
  • 16.12.2
  • 16.12.3
  • 16.12.4
  • 16.12.5
  • 16.12.6
  • 16.12.7
  • 16.12.8
  • 16.6.1
  • 16.6.5
  • 16.6.6
  • 16.6.7a
  • 16.6.9
  • 16.6.10
  • 17.1.1
  • 17.2.1r
  • 17.3.1a
  • 17.3.2
  • 17.3.3
  • 17.3.4a
  • 17.3.6
  • 17.3.5
  • 17.3.7
  • 3.17.0S
  • 3.17.1S
  • 17.4.1a
  • 17.4.2
  • 17.4.1b
  • 17.5.1a
  • 17.6.1a
  • 17.6.2
  • 17.6.3a
  • 17.6.4
  • 17.6.5
  • 17.7.1a
  • 17.7.2
  • 17.10.1a
  • 17.9.1a
  • 17.9.2a
  • 17.9.3a
  • 17.8.1a
  • Fuji-16.9.2
  • Fuji-16.9.4
  • Fuji-16.9.6
  • Fuji-16.9.3
  • Fuji-16.9.7
  • Fuji-16.9.8
  • Fuji-16.9.5
  • Denali-16.3.3
  • Denali-16.3.9
  • Denali-16.3.7
  • Denali-16.3.5
  • Denali-16.3.4
  • Everest-16.6.3
  • Everest-16.6.4
  • Everest-16.6.2
Problem Types
TypeCWE IDDescription
cweCWE-1039Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Type: cwe
CWE ID: CWE-1039
Description: Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:01 Nov, 2023 | 18:15
Updated At:25 Jan, 2024 | 17:15

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Secondary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions before 6.4.0.17(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 6.5.0(inclusive) to 7.0.6(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 7.1.0(inclusive) to 7.2.4(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 7.3.0(inclusive) to 7.3.1.2(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
snort
snort
>>snort>>2.0
cpe:2.3:a:snort:snort:2.0:-:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 6.7.0(inclusive) to 7.0.5(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 7.1.0(inclusive) to 7.1.0.3(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 7.2.0(inclusive) to 7.2.1(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
snort
snort
>>snort>>Versions before 3.1.32.0(exclusive)
cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>cyber_vision>>Versions before 4.1.3(exclusive)
cpe:2.3:a:cisco:cyber_vision:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_threat_defense>>Versions from 17.3(inclusive) to 17.3.8(exclusive)
cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_threat_defense>>Versions from 17.6(inclusive) to 17.6.6(exclusive)
cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_threat_defense>>Versions from 17.9(inclusive) to 17.9.4(exclusive)
cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_threat_defense>>Versions from 17.11(inclusive) to 17.11.1a(exclusive)
cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>unified_threat_defense>>Versions from 17.12(inclusive) to 17.12.1a(exclusive)
cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>meraki_mx_security_appliance_firmware>>-
cpe:2.3:o:cisco:meraki_mx_security_appliance_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-1039Secondaryykramarz@cisco.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1039
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOMykramarz@cisco.com
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2021-34749
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.41% / 60.73%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 19:40
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ironport_web_security_appliancefirepower_management_center_virtual_appliance_firmwaresecure_firewall_management_centerCisco Web Security Appliance (WSA)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-34696
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.18% / 40.37%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability

A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_920-10sz-pdasr_920-24sz-m_rasr_920-12cz-aasr_920-24sz-imasr_907asr_920-12cz-d_rasr_920-4sz-d_rasr_920-24sz-mios_xeasr_903asr_920-4sz-aasr_920-12sz-im_rasr_920-12cz-a_rasr_920-10sz-pd_rasr_920-12cz-dasr_920-24sz-im_rasr_902asr_920-12sz-imasr_920-4sz-a_rasr_920-4sz-dasr_920-24tz-m_rasr_920u-12sz-imasr_920-24tz-mCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CVE-2021-1534
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 50.90%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 19:35
Updated-07 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-email_security_appliance_c190asyncosemail_security_appliance_c390email_security_appliance_c380email_security_appliance_c170email_security_appliance_c680email_security_appliance_c690xemail_security_appliance_c690Cisco Email Security Appliance (ESA)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1625
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:25
Updated-07 Nov, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-284
Improper Access Control
CVE-2021-1495
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.15% / 36.72%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:31
Updated-08 Nov, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Action-Not Available
Vendor-snortCisco Systems, Inc.
Product-c8200l-1n-4t1111x_integrated_services_routercatalyst_8300-1n1s-4t2xcatalyst_8500lsnort4431_integrated_services_router1160_integrated_services_routerc8200-1n-4tcatalyst_8300-1n1s-6tios_xe1100-4g\/6g_integrated_services_router4221_integrated_services_routercatalyst_8300-2n2s-4t2x4331_integrated_services_router4461_integrated_services_router3000_integrated_services_routercatalyst_8300-2n2s-6t1101_integrated_services_router1109_integrated_services_router111x_integrated_services_router1120_integrated_services_routerfirepower_threat_defenseCisco Firepower Threat Defense Software
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-1494
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.17% / 38.66%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:21
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Firepower Threat Defense SoftwareCisco UTD SNORT IPS Engine Softwarefirepower_threat_defense_softwareutd_snort_ips_engine_software
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-1389
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:40
Updated-08 Nov, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ncs_5502-sencs_5508ncs_5501ncs_540ncs_560nx-osncs_5516nexus_9500_rnexus_3600ios_xrncs_5502ncs_5501-seCisco IOS XR Software
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • Next
Details not found