CVE-2023-20177

Severity Score

4.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required.

Una vulnerabilidad en la implementación de la política de archivos SSL del software Cisco Firepower Threat Defense (FTD) que ocurre cuando la conexión SSL/TLS está configurada con una categoría de URL y el motor de detección Snort 3 podría permitir que un atacante remoto no autenticado provoque la detección de Snort 3. el motor se reinicie inesperadamente. Esta vulnerabilidad existe porque se produce un error lógico cuando un motor de detección Snort 3 inspecciona una conexión SSL/TLS que tiene una categoría de URL configurada en la política de archivos SSL o una categoría de URL configurada en una política de control de acceso con el descubrimiento de identidad del servidor TLS habilitado. Bajo limitaciones específicas basadas en el tiempo, un atacante podría aprovechar esta vulnerabilidad enviando una conexión SSL/TLS manipulada a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante activar una recarga inesperada del motor de detección de Snort 3, lo que resultaría en una condición de omisión o Denegación de Servicio (DoS), según la configuración del dispositivo. El motor de detección de Snort 3 se reiniciará automáticamente. No se requiere intervención manual.

*Credits: N/A

CVSS Scores

NISTv3.1 4.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-27 CVE Reserved
2023-11-01 CVE Published
2023-11-15 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.0.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.1.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.1.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.2"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.2.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.2.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.4 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.4"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.0.5 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.0.5"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.1.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.1.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.1.0.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.2"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.1.0.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.1.0.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.2.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.0"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.2.0.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.0.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.2.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.2.2 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.2"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.2.3 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.2.3"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.3.0 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.3.0"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.3.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.3.1"		-		Affected
Cisco Search vendor "Cisco"		Firepower Threat Defense Search vendor "Cisco" for product "Firepower Threat Defense"				7.3.1.1 Search vendor "Cisco" for product "Firepower Threat Defense" and version "7.3.1.1"		-		Affected