CVE-2022-20685 — Integer Overflow or Wraparound in Cisco Cyber Vision

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cyber Vision Cisco Firepower Threat Defense Software Cisco UTD Snort IPS Engine Software +3 more

Timeline

PublishedNov 15

Description

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5cisco/cisco_utd_snort_ips_engine_software43 versions+42

▶NVDcisco/unified_threat_defense_snort_intrusion_prevention_system_engine43 versions+42

▶CVEListV5cisco/cisco_firepower_threat_defense_software44 versions+43

▶NVDcisco/cyber_vision17 versions+16

▶CVEListV5cisco/cisco_cyber_vision17 versions+16

🔴Vulnerability Details

CVEList

Multiple Cisco Products Snort Modbus Denial of Service Vulnerability↗2024-11-15

▶

GHSA

GHSA-5pj6-3hcq-wv78: A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service↗2024-11-15

▶

📋Vendor Advisories

Cisco

Multiple Cisco Products Snort Modbus Denial of Service Vulnerability↗2022-01-19

▶