CVE-2023-20071

Published Nov 1, 2023

Last updated 10 months ago

CVSS medium 5.8

Overview

Description: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.8
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
ykramarz@cisco.com: CWE-1039

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C62E4A4C-EE6D-49B5-ADCC-21386CD9F2D9",
            "versionEndExcluding": "6.4.0.17"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2A381B6-2AEF-4A0F-A151-8C3CEBBA7AC2",
            "versionEndExcluding": "7.0.6",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB0ABE0D-B90E-45BD-8978-DD6EBC863EC6",
            "versionEndExcluding": "7.2.4",
            "versionStartIncluding": "7.1.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "233409FB-3D8D-41A9-BEC6-8A0E758717ED",
            "versionEndExcluding": "7.3.1.2",
            "versionStartIncluding": "7.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:snort:snort:2.0:-:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4C27CF59-184F-4FFD-9CE8-87F2589EB5AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7792398D-F563-4441-900D-ABFECAA884AF",
            "versionEndExcluding": "7.0.5",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F64FDF4-9696-4FC8-9ADA-DF1727EF1A63",
            "versionEndExcluding": "7.1.0.3",
            "versionStartIncluding": "7.1.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F712E334-BA34-4D9C-9E72-DBEFCF9B0E66",
            "versionEndExcluding": "7.2.1",
            "versionStartIncluding": "7.2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5D0C2A5-A925-475B-8B2F-F8E3F27C0876",
            "versionEndExcluding": "3.1.32.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:cyber_vision:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA9E447-86A4-46AC-9D6B-55D6F8664488",
            "versionEndExcluding": "4.1.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE0EDFC9-F9CD-487F-AB5C-38E8340BF427",
            "versionEndExcluding": "17.3.8",
            "versionStartIncluding": "17.3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85C85786-8BA2-4194-9A07-9F8E676E75C9",
            "versionEndExcluding": "17.6.6",
            "versionStartIncluding": "17.6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B50A5D29-0995-469D-86B8-0C5473FC54FC",
            "versionEndExcluding": "17.9.4",
            "versionStartIncluding": "17.9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DB2D2F1-FB90-485D-B6B4-B6E0A9351C95",
            "versionEndExcluding": "17.11.1a",
            "versionStartIncluding": "17.11"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_threat_defense:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC04A2AB-CAAA-4723-90FD-C35CED76E029",
            "versionEndExcluding": "17.12.1a",
            "versionStartIncluding": "17.12"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:meraki_mx_security_appliance_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C60FD7B-F41F-4307-B3F4-905E7B7C17AF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References