CVE-2022-20922

Summary

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Firepower Threat Defense Software7.1.0affected
CiscoCisco Firepower Threat Defense Software7.1.0.1affected
CiscoCisco Firepower Threat Defense Software7.1.0.2affected
CiscoCisco Firepower Threat Defense Software7.2.0affected
CiscoCisco Firepower Threat Defense Software7.2.0.1affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.4affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.5affected
CiscoCisco Umbrella Insights Virtual Appliance1.5.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.0.3affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.1.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.12affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.4.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.4affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.5affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.6affected
CiscoCisco Umbrella Insights Virtual Appliance2.5.7affected
CiscoCisco Umbrella Insights Virtual Appliance2.6.0affected
CiscoCisco Umbrella Insights Virtual Appliance2.6.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.6.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.7affected
CiscoCisco Umbrella Insights Virtual Appliance2.8affected
CiscoCisco Umbrella Insights Virtual Appliance2.8.9affected
CiscoCisco Umbrella Insights Virtual Appliance3.0affected
CiscoCisco Umbrella Insights Virtual Appliance3.1affected
CiscoCisco Umbrella Insights Virtual Appliance3.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.3.1affected
CiscoCisco Umbrella Insights Virtual Appliance2.3affected
CiscoCisco Umbrella Insights Virtual Appliance2.2affected
CiscoCisco Umbrella Insights Virtual Appliance2.2.1affected
CiscoCisco Cyber Vision3.0.4affected
CiscoCisco Cyber Vision3.0.0affected
CiscoCisco Cyber Vision3.0.1affected
CiscoCisco Cyber Vision3.0.2affected
CiscoCisco Cyber Vision3.0.3affected
CiscoCisco Cyber Vision3.0.5affected
CiscoCisco Cyber Vision3.0.6affected
CiscoCisco Cyber Vision3.1.0affected
CiscoCisco Cyber Vision3.1.2affected
CiscoCisco Cyber Vision3.1.1affected
CiscoCisco Cyber Vision3.2.3affected
CiscoCisco Cyber Vision3.2.1affected
CiscoCisco Cyber Vision3.2.4affected
CiscoCisco Cyber Vision3.2.0affected
CiscoCisco Cyber Vision3.2.2affected
CiscoCisco Cyber Vision4.0.0affected
CiscoCisco Cyber Vision4.0.1affected
CiscoCisco Cyber Vision4.0.2affected
CiscoCisco Cyber Vision4.0.3affected
CiscoCisco Cyber Vision4.1.0affected
CiscoCisco Cyber Vision4.1.1affected

Weaknesses

  • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')

ADP Enrichment

CVE Program Container

Additional References

References