// For flags

CVE-2023-20070

 

Severity Score

4.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required.

Una vulnerabilidad en la implementación de TLS 1.3 del software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado provoque que el motor de detección Snort 3 se reinicie inesperadamente. Esta vulnerabilidad se debe a un error lógico en cómo se manejan las asignaciones de memoria durante una sesión TLS 1.3. Bajo limitaciones de tiempo específicas, un atacante podría aprovechar esta vulnerabilidad enviando una secuencia de mensajes TLS 1.3 manipulada a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante hacer que el motor de detección de Snort 3 se recargue, lo que resultaría en una condición de Denegación de Servicio (DoS). Mientras el motor de detección de Snort se recarga, los paquetes que pasan por el dispositivo FTD y se envían al motor de detección de Snort se descartarán. El motor de detección de Snort se reiniciará automáticamente. No se requiere intervención manual.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-27 CVE Reserved
  • 2023-11-01 CVE Published
  • 2023-11-15 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
 7.2.0
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.0"
-
Affected
Cisco
Search vendor "Cisco"
 Firepower Threat Defense
Search vendor "Cisco" for product "Firepower Threat Defense"
 7.2.0.1
Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.0.1"
-
Affected