History: Nov 01, 2023 - 4:00 p.m.

Cisco Firepower Threat Defense Software SSL/TLS URL Category and Snort 3 Detection Engine Bypass and Denial of Service Vulnerability

2023-11-01 16:00:00 | tools.cisco.com
Tags: cisco firepower threat defense, ssl/tls, url category, snort 3, vulnerability, remote attacker, denial of service, workarounds

AI Score: 7.5 High (confidence: High)
EPSS: 0.001 Low (percentile: 27.0%)

A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart.

This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. See the Details section of this advisory for more information. The Snort 3 detection engine will restart automatically. No manual intervention is required.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX

This advisory is part of the November 2023 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: November 2023 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74985”].

Affected configurations (Vulners match nodes, duplicate entries collapsed; any of the following):

- cisco firepower_threat_defense_software: 7.0, 7.1, 7.2, 7.3
- cisco firepower_threat_defense_software: 7.0.0, 7.0.0.1, 7.0.1, 7.0.1.1, 7.0.2, 7.0.2.1, 7.0.3, 7.0.4, 7.0.5, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.2.0, 7.2.0.1, 7.2.1, 7.2.2, 7.2.3, 7.3.0, 7.3.1, 7.3.1.1, 7.3.1.2
- cisco firepower_threat_defense_software: 7.0.0, 7.0.1.1, 7.3.1.1, 7.3.1.2 when installed on cisco secure firewall threat defense virtual
- cisco firepower_threat_defense_software platforms: 1000_series, 2100_series, 3100_series, 4100_series, 9000_series, 3000_series_industrial_security_appliances_(isa), any
- cisco firepower: any
- cisco firepower_threat_defense: any
- cisco asr_1000_series_software: any
- cisco industrial_network_director: any
- cisco nx-os: any (nexus_9000_series)
- cisco pix_firewall: any
