Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-20246

Published: 01/11/2023 Updated: 06/02/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Snort

Vulnerability Summary

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote malicious user to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the malicious user to bypass configured access control rules on the affected system.

Vulnerable Product Search on Vulmon Subscribe to Product

snort snort

cisco ios xe

cisco firepower threat defense

Vendor Advisories

Debian CVElist Bug Report Logs: snort: CVE-2023-20246
Debian Bug report logs - #1056281 snort: CVE-2023-20246 Package: src:snort; Maintainer for src:snort is Javier Fernández-Sanguino Peña <jfs@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sun, 19 Nov 2023 19:57:02 UTC Severity: grave Tags: security Reply or subscribe to this bug Toggle us ...
Cisco: Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system This vulnerability is due to a logic error that occurs when the access control policies are being populated An attacker could exploit this vulnerabil ...

References

NVD-CWE-noinfohttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEhhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056281https://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook