CiscoCVELIST:CVE-2024-20363CVE-2024-20363
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco Firepower Threat Defense Software",
"versions": [
{
"version": "7.4.0",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco UTD SNORT IPS Engine Software",
"versions": [
{
"version": "17.6.4",
"status": "affected"
},
{
"version": "17.6.5",
"status": "affected"
},
{
"version": "17.12.1a",
"status": "affected"
},
{
"version": "17.12.2",
"status": "affected"
}
]
}
]Related
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%