Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

cisco-sa-snort-dos-9D3hJLuj · High · Published · Updated

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj


Workarounds

While there are no workarounds that address this vulnerability, for FTD Software that is managed by Firepower Management Center (FMC) the Modbus preprocessor can be disabled to mitigate the attack vector for this vulnerability.

To disable a preprocessor in an FTD NAP for a device running Snort 2, see Preprocessor Configuration in a Network Analysis Policy Notes (https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_network_analysis_policies.html#ID-2245-000001d4).

To disable an inspector in an FTD NAP for a device running Snort 3, see Custom Network Analysis Policy Creation for Snort 3 (https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_network_analysis_policies.html#Cisco_Concept.dita_a05cb5f4-3dc2-47f2-8aa1-b928ed67a410_snort3).

For an FTD device managed by Firepower Device Manager (FDM), the device must be running Snort 3. For more information, see Configuring the Network Analysis Policy (Snort 3) (https://www.cisco.com/c/en/us/td/docs/security/firepower/710/fdm/fptd-fdm-config-guide-710/fptd-fdm-intrusion.html#Cisco_Task_in_List_GUI.dita_49189b70-682c-4336-9620-fe104df820f6).

If you need assistance implementing this mitigation, contact the Cisco Technical Assistance Center (TAC) (https://www.cisco.com/go/tac/).

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEs: CVE-2022-20685
Cisco Bug IDs: CSCvz79589, CSCvz25197, CSCvz27235, CSCvz34380
CVSS Score: Base 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X)

Product Names From Source
Cisco IOS XE Software, Cisco Meraki MX Firmware, Cisco Cyber Vision, Cisco UTD SNORT IPS Engine Software, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.1, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.2, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.3, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.4, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.5, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.6, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.7, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.8, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.10, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.11, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.9, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.12, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.13, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.14, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.15, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.16, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.17, Cisco Secure Firewall Threat Defense (FTD) Software 6.2.3.18, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.0, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.0.1, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.1, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.3, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.4, Cisco Secure Firewall Threat Defense (FTD) Software 6.6.5, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.1, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.3, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.2, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.4, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.5, Cisco 
Secure Firewall Threat Defense (FTD) Software 6.4.0.6, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.7, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.8, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.9, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.10, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.11, Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.12, Cisco Secure Firewall Threat Defense (FTD) Software 7.0.0, Cisco Secure Firewall Threat Defense (FTD) Software 7.0.0.1, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco Firepower 2100 Series, Cisco Firepower 1000 Series, Cisco ASA 5500-X Series Firewalls, Cisco 3000 Series Industrial Security Appliances (ISA), Cisco Firepower 9000 Series, Cisco Firepower 4100 Series, Cisco Secure Firewall Threat Defense Virtual

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco UTD SNORT IPS Engine Software | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Secure Firewall Threat Defense Virtual | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Secure Firewall Threat Defense (FTD) Software | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Meraki MX Firmware | CVE-2022-20685 | Cisco OpenVuln |
| Cisco IOS XE Software | CVE-2022-20685 | Cisco OpenVuln |
| Cisco IOS | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Firepower 9000 Series | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Firepower 4100 Series | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Firepower 2100 Series | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Firepower 1000 Series | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Cyber Vision | CVE-2022-20685 | Cisco OpenVuln |
| Cisco ASA 5500-X Series Firewalls | CVE-2022-20685 | Cisco OpenVuln |
| Cisco 3000 Series Industrial Security Appliances (ISA) | CVE-2022-20685 | Cisco OpenVuln |
| Cisco Catalyst 9600 Series Switches | CVE-2022-20685 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9500 Series Switches | CVE-2022-20685 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9400 Series Switches | CVE-2022-20685 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9300 Series Switches | CVE-2022-20685 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9200 Series Switches | CVE-2022-20685 | Cisco OpenVuln · software-dependent |