CVE-2020-3299
Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
Severity Score
5.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.
Múltiples productos de Cisco están afectados por una vulnerabilidad en el motor de detección de Snort que podría permitir a un atacante remoto no autenticado omitir una Política de Archivos configurada para HTTP. La vulnerabilidad es debido a una detección incorrecta de paquetes HTTP modificados utilizados en respuestas fragmentadas. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes HTTP diseñados a través de un dispositivo afectado. Una explotación con éxito podría permitir a un atacante omitir una Política de Archivos configurada para paquetes HTTP y entregar una carga útil maliciosa
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-12 CVE Reserved
- 2020-10-21 CVE Published
- 2024-08-10 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j | 2023-05-22 | |
| https://www.debian.org/security/2023/dsa-5354 | 2023-05-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Cloud Services Router 1000v Search vendor "Cisco" for product "Cloud Services Router 1000v" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Isrv Search vendor "Cisco" for product "Isrv" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4p Search vendor "Cisco" for product "1100-4p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-8p Search vendor "Cisco" for product "1100-8p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1101-4p Search vendor "Cisco" for product "1101-4p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1109-2p Search vendor "Cisco" for product "1109-2p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1109-4p Search vendor "Cisco" for product "1109-4p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1111x-8p Search vendor "Cisco" for product "1111x-8p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4221 Integrated Services Router Search vendor "Cisco" for product "4221 Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4331 Integrated Services Router Search vendor "Cisco" for product "4331 Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4431 Integrated Services Router Search vendor "Cisco" for product "4431 Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 4461 Integrated Services Router Search vendor "Cisco" for product "4461 Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Isa 3000 Search vendor "Cisco" for product "Isa 3000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | >= 6.0.0 < 6.3.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.0.0 < 6.3.0.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Meraki Mx Search vendor "Cisco" for product "Meraki Mx" | - | - |
Safe
|
| Snort Search vendor "Snort" | Snort Search vendor "Snort" for product "Snort" | < 2.9.13.1 Search vendor "Snort" for product "Snort" and version " < 2.9.13.1" | - |
Affected
| ||||||