CVE-2023-20031

2023-11-0118:15:08

Debian Security Bug Tracker

security-tracker.debian.org

ssl/tls

certificate handling

remote attacker

snort 3

cisco firepower

logic error

dos condition

unix

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.

OSVersionArchitecturePackageVersionFilename
Debian11allsnort<= 2.9.15.1-5snort_2.9.15.1-5_all.deb
Debian10allsnort<= 2.9.7.0-5snort_2.9.7.0-5_all.deb
Debian999allsnort<= 2.9.15.1-6snort_2.9.15.1-6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	snort	<= 2.9.15.1-5	snort_2.9.15.1-5_all.deb
Debian	10	all	snort	<= 2.9.7.0-5	snort_2.9.7.0-5_all.deb
Debian	999	all	snort	<= 2.9.15.1-6	snort_2.9.15.1-6_all.deb