CVE-2023-20083

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted.

Una vulnerabilidad en la inspección ICMPv6 cuando se configura con el motor de detección Snort 2 para el software Cisco Firepower Threat Defense (FTD) podría permitir que un atacante remoto no autenticado haga que la CPU de un dispositivo afectado aumente al 100 por ciento, lo que podría detener todo el procesamiento del tráfico y resultar en una condición de Denegación de Servicio (DoS). El tráfico de gestión de FTD no se ve afectado por esta vulnerabilidad. Esta vulnerabilidad se debe a una comprobación incorrecta de errores al analizar campos dentro del encabezado ICMPv6. Un atacante podría aprovechar esta vulnerabilidad enviando un paquete ICMPv6 manipulado a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante hacer que el dispositivo agote los recursos de la CPU y deje de procesar el tráfico, lo que resultaría en una condición DoS. Nota: Para recuperarse de la condición DoS, es posible que sea necesario reiniciar el motor de detección Snort 2 o el dispositivo Cisco FTD.

*Credits: N/A

CVSS Scores

NISTv3.1 8.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-27 CVE Reserved
2023-11-01 CVE Published
2023-11-10 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmpv6-dos-4eMkLuN	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.2.3 <= 6.2.3.18 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.2.3 <= 6.2.3.18"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.4.0 <= 6.4.0.17 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.4.0 <= 6.4.0.17"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.6.0 <= 6.6.7.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.6.0 <= 6.6.7.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 6.7.0 <= 6.7.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 6.7.0 <= 6.7.0.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 7.0.0 <= 7.0.5 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 7.0.0 <= 7.0.5"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 7.1.0 <= 7.1.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 7.1.0 <= 7.1.0.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 7.2.0 <= 7.2.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 7.2.0 <= 7.2.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				>= 7.3.0 <= 7.3.1.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version " >= 7.3.0 <= 7.3.1.1"		-		Affected