CVE-2022-20950

A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*

History

25 Jan 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC', 'tags': ['Patch', 'Vendor Advisory'], 'source': 'ykramarz@cisco.com'}
  • () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC -
CWE CWE-770

07 Nov 2023, 03:43

Type Values Removed Values Added
Summary A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.

22 Nov 2022, 14:50

Type Values Removed Values Added
References (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC - (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC - Patch, Vendor Advisory
First Time Cisco
Cisco firepower Threat Defense
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-754
CPE cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*

15 Nov 2022, 21:56

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-15 21:15

Updated : 2024-01-25 17:15


NVD link : CVE-2022-20950

Mitre link : CVE-2022-20950

CVE.ORG link : CVE-2022-20950


JSON object : View

Products Affected

cisco

  • firepower_threat_defense
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-770

Allocation of Resources Without Limits or Throttling