BDU:2024-10831

Опубликовано: 23 окт. 2024

Источник: fstec

CVSS3: 5.8

CVSS2: 5

EPSS Низкий

Описание

Уязвимость модуля Snort микропрограммного обеспечения межсетевых экранов Cisco Firepower Threat Defense (FTD) связана с неверным сравнением количества подключений. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности

Вендор

Cisco Systems Inc.

Наименование ПО

Firepower Threat Defense

Snort

Версия ПО

7.0.0 (Firepower Threat Defense)

7.2.0.1 (Firepower Threat Defense)

7.0.0.1 (Firepower Threat Defense)

7.0.1 (Firepower Threat Defense)

7.0.1.1 (Firepower Threat Defense)

7.0.2 (Firepower Threat Defense)

7.0.2.1 (Firepower Threat Defense)

7.0.3 (Firepower Threat Defense)

7.0.4 (Firepower Threat Defense)

7.1.0.1 (Firepower Threat Defense)

7.1.0.2 (Firepower Threat Defense)

7.0.5 (Firepower Threat Defense)

7.1.0.3 (Firepower Threat Defense)

7.3.1.1 (Firepower Threat Defense)

6.7.0.1 (Firepower Threat Defense)

6.7.0.2 (Firepower Threat Defense)

6.7.0.3 (Firepower Threat Defense)

7.0.6 (Firepower Threat Defense)

7.2.4.1 (Firepower Threat Defense)

2 (Snort)

7.0.6.1 (Firepower Threat Defense)

7.2.5.1 (Firepower Threat Defense)

7.3.1.2 (Firepower Threat Defense)

7.2.5.2 (Firepower Threat Defense)

7.4.1.1 (Firepower Threat Defense)

от 3 до 3.1.74.0 (Snort)

Тип ПО

ПО программно-аппаратного средства

Программное средство защиты

Операционные системы и аппаратные платформы

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 5)

Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,8)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-rf-bypass-OY8f3pnM

Идентификаторы других систем описаний уязвимостей

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-20342
CVE

EPSS

Процентиль: 11%

0.00037

Низкий

5.8 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

CVE-2024-20342

CVSS3: 5.8

nvd

больше 1 года назад

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.  This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.

GHSA-hf42-4qwp-gc9r

CVSS3: 5.8

github

больше 1 года назад

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.

EPSS

Процентиль: 11%

0.00037

Низкий

5.8 Medium

CVSS3

5 Medium

CVSS2