// For flags

CVE-2022-20943

 

Severity Score

5.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.
These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.
Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information.
Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.

Múltiples vulnerabilidades en el procesador de Server Message Block Versión 2 (SMB2) del motor de detección Snort en múltiples productos Cisco podrían permitir que un atacante remoto no autenticado omita las políticas configuradas o cause una condición de Denegación de Servicio (DoS) en un dispositivo afectado. Estas vulnerabilidades se deben a una gestión inadecuada de los recursos del sistema cuando el motor de detección de Snort procesa el tráfico SMB2. Un atacante podría aprovechar estas vulnerabilidades enviando una alta tasa de ciertos tipos de paquetes SMB2 a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante activar una recarga del proceso Snort, lo que resultaría en una condición DoS.
Nota: Cuando la opción Snort preserve-connection está habilitada para el motor de detección de Snort, un exploit exitoso también podría permitir al atacante eludir las políticas configuradas y entregar un payload malicioso a la red protegida. La configuración de conexión de preservación de Snort está habilitada de forma predeterminada. Consulte la sección Detalles [""#details""] de este aviso para obtener más información.
Nota: Sólo se ven afectados los productos que tienen Snort 3 configurado. Los productos configurados con Snort 2 no se ven afectados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2022-11-10 CVE Published
  • 2024-06-02 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0"
-
Affected
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.0.1
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.1"
-
Affected
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.1
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1"
-
Affected
Cisco
Search vendor "Cisco"
Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
7.0.1.1
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1.1"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.0
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.0"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.1
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.1"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.2
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.2"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.3
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.3"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.5
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.5"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.0.6
Search vendor "Cisco" for product "Cyber Vision" and version "3.0.6"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.1.0
Search vendor "Cisco" for product "Cyber Vision" and version "3.1.0"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.1.1
Search vendor "Cisco" for product "Cyber Vision" and version "3.1.1"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.1.2
Search vendor "Cisco" for product "Cyber Vision" and version "3.1.2"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.2.0
Search vendor "Cisco" for product "Cyber Vision" and version "3.2.0"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.2.1
Search vendor "Cisco" for product "Cyber Vision" and version "3.2.1"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.2.2
Search vendor "Cisco" for product "Cyber Vision" and version "3.2.2"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.2.3
Search vendor "Cisco" for product "Cyber Vision" and version "3.2.3"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
3.2.4
Search vendor "Cisco" for product "Cyber Vision" and version "3.2.4"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.0.0
Search vendor "Cisco" for product "Cyber Vision" and version "4.0.0"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.0.1
Search vendor "Cisco" for product "Cyber Vision" and version "4.0.1"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.0.2
Search vendor "Cisco" for product "Cyber Vision" and version "4.0.2"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.0.3
Search vendor "Cisco" for product "Cyber Vision" and version "4.0.3"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.1.0
Search vendor "Cisco" for product "Cyber Vision" and version "4.1.0"
-
Affected
Cisco
Search vendor "Cisco"
Cyber Vision
Search vendor "Cisco" for product "Cyber Vision"
4.1.1
Search vendor "Cisco" for product "Cyber Vision" and version "4.1.1"
-
Affected
Cisco
Search vendor "Cisco"
Meraki Mx Security Appliance Firmware
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware"
< 16.6.7
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " < 16.6.7"
-
Affected
Cisco
Search vendor "Cisco"
Meraki Mx Security Appliance Firmware
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware"
>= 17.0 < 17.11.1
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " >= 17.0 < 17.11.1"
-
Affected
Cisco
Search vendor "Cisco"
Meraki Mx Security Appliance Firmware
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware"
>= 18.0 < 18.1.3
Search vendor "Cisco" for product "Meraki Mx Security Appliance Firmware" and version " >= 18.0 < 18.1.3"
-
Affected