CVE-2024-20363

Summary

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Firepower Threat Defense Software7.4.0affected
CiscoCisco UTD SNORT IPS Engine Software17.6.4affected
CiscoCisco UTD SNORT IPS Engine Software17.6.5affected
CiscoCisco UTD SNORT IPS Engine Software17.12.1aaffected
CiscoCisco UTD SNORT IPS Engine Software17.12.2affected

Weaknesses

  • CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References