Lucene search

[email protected]CVE-2023-20031

HistoryNov 01, 2023 - 6:15 p.m.

CVE-2023-20031

2023-11-0118:15:08

CWE-244

[email protected]

web.nvd.nist.gov

ssl/tls

certificate handling

snort 3 detection engine

cisco firepower threat defense

ftd software

remote attacker

denial of service

logic error

cve-2023-20031

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.8%

JSON

A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.

Affected configurations

NVD

Node

ciscofirepower_threat_defenseMatch6.7.0

ciscofirepower_threat_defenseMatch6.7.0.1

ciscofirepower_threat_defenseMatch6.7.0.2

ciscofirepower_threat_defenseMatch6.7.0.3

ciscofirepower_threat_defenseMatch7.0.0

ciscofirepower_threat_defenseMatch7.0.0.1

ciscofirepower_threat_defenseMatch7.0.1

ciscofirepower_threat_defenseMatch7.0.1.1

ciscofirepower_threat_defenseMatch7.0.2

ciscofirepower_threat_defenseMatch7.0.2.1

ciscofirepower_threat_defenseMatch7.0.3

ciscofirepower_threat_defenseMatch7.0.4

ciscofirepower_threat_defenseMatch7.0.5

ciscofirepower_threat_defenseMatch7.2.0

ciscofirepower_threat_defenseMatch7.2.0.1

CPENameOperatorVersion
cisco:firepower_threat_defensecisco firepower threat defenseeq6.7.0
cisco:firepower_threat_defensecisco firepower threat defenseeq6.7.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq6.7.0.2
cisco:firepower_threat_defensecisco firepower threat defenseeq6.7.0.3
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.0
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.1.1
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.2
cisco:firepower_threat_defensecisco firepower threat defenseeq7.0.2.1

CPE	Name	Operator	Version
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.7.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.7.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.7.0.2
cisco:firepower_threat_defense	cisco firepower threat defense	eq	6.7.0.3
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.0
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.1.1
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.2
cisco:firepower_threat_defense	cisco firepower threat defense	eq	7.0.2.1

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Threat Defense Software",
    "versions": [
      {
        "version": "6.7.0",
        "status": "affected"
      },
      {
        "version": "6.7.0.1",
        "status": "affected"
      },
      {
        "version": "6.7.0.2",
        "status": "affected"
      },
      {
        "version": "6.7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1.1",
        "status": "affected"
      },
      {
        "version": "7.0.2",
        "status": "affected"
      },
      {
        "version": "7.0.2.1",
        "status": "affected"
      },
      {
        "version": "7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.4",
        "status": "affected"
      },
      {
        "version": "7.0.5",
        "status": "affected"
      },
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "version": "7.2.0.1",
        "status": "affected"
      }
    ]
  }
]