CVE-2023-20270

Summary

A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Firepower Threat Defense Software7.1.0affected
CiscoCisco Firepower Threat Defense Software7.1.0.1affected
CiscoCisco Firepower Threat Defense Software7.1.0.2affected
CiscoCisco Firepower Threat Defense Software7.1.0.3affected
CiscoCisco Firepower Threat Defense Software7.2.0affected
CiscoCisco Firepower Threat Defense Software7.2.0.1affected
CiscoCisco Firepower Threat Defense Software7.2.1affected
CiscoCisco Firepower Threat Defense Software7.2.2affected
CiscoCisco Firepower Threat Defense Software7.2.3affected
CiscoCisco Firepower Threat Defense Software7.3.0affected
CiscoCisco Firepower Threat Defense Software7.3.1affected
CiscoCisco Firepower Threat Defense Software7.3.1.1affected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References