CVE-2022-20943
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.
These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.
Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information.
Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
Múltiples vulnerabilidades en el procesador de Server Message Block Versión 2 (SMB2) del motor de detección Snort en múltiples productos Cisco podrían permitir que un atacante remoto no autenticado omita las políticas configuradas o cause una condición de Denegación de Servicio (DoS) en un dispositivo afectado. Estas vulnerabilidades se deben a una gestión inadecuada de los recursos del sistema cuando el motor de detección de Snort procesa el tráfico SMB2. Un atacante podría aprovechar estas vulnerabilidades enviando una alta tasa de ciertos tipos de paquetes SMB2 a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante activar una recarga del proceso Snort, lo que resultaría en una condición DoS.
Nota: Cuando la opción Snort preserve-connection está habilitada para el motor de detección de Snort, un exploit exitoso también podría permitir al atacante eludir las políticas configuradas y entregar un payload malicioso a la red protegida. La configuración de conexión de preservación de Snort está habilitada de forma predeterminada. Consulte la sección Detalles [""#details""] de este aviso para obtener más información.
Nota: Sólo se ven afectados los productos que tienen Snort 3 configurado. Los productos configurados con Snort 2 no se ven afectados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-02 CVE Reserved
- 2022-11-10 CVE Published
- 2024-06-02 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.0.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.0.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense" | 7.0.1.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.0 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.1 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.2 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.3 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.5 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.0.6 Search vendor "Cisco" for product "Cyber Vision" and version "3.0.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.1.0 Search vendor "Cisco" for product "Cyber Vision" and version "3.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.1.1 Search vendor "Cisco" for product "Cyber Vision" and version "3.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.1.2 Search vendor "Cisco" for product "Cyber Vision" and version "3.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.2.0 Search vendor "Cisco" for product "Cyber Vision" and version "3.2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.2.1 Search vendor "Cisco" for product "Cyber Vision" and version "3.2.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.2.2 Search vendor "Cisco" for product "Cyber Vision" and version "3.2.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.2.3 Search vendor "Cisco" for product "Cyber Vision" and version "3.2.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 3.2.4 Search vendor "Cisco" for product "Cyber Vision" and version "3.2.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.0.0 Search vendor "Cisco" for product "Cyber Vision" and version "4.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.0.1 Search vendor "Cisco" for product "Cyber Vision" and version "4.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.0.2 Search vendor "Cisco" for product "Cyber Vision" and version "4.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.0.3 Search vendor "Cisco" for product "Cyber Vision" and version "4.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.1.0 Search vendor "Cisco" for product "Cyber Vision" and version "4.1.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cyber Vision Search vendor "Cisco" for product "Cyber Vision" | 4.1.1 Search vendor "Cisco" for product "Cyber Vision" and version "4.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meraki Mx Security Appliance Firmware Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" | < 16.6.7 Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " < 16.6.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meraki Mx Security Appliance Firmware Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" | >= 17.0 < 17.11.1 Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " >= 17.0 < 17.11.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Meraki Mx Security Appliance Firmware Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" | >= 18.0 < 18.1.3 Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " >= 18.0 < 18.1.3" | - |
Affected
| ||||||