CVE-2022-20943

CWE-244 | 4 documents | 4 sources
Severity: 5.8 MEDIUM
EPSS: 0.3% (top 48.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 15 | Latest update Nov 16

Description

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certai

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

NVD: cisco/cyber_vision | 20 versions (+19)
CVEListV5: cisco/cisco_cyber_vision | 21 versions (+20)

🔴 Vulnerability Details (2)

GHSA (2022-11-16)
GHSA-wfgx-7r85-fvqv: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow a
CVEList (2022-11-10)
CVE-2022-20943: Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow a

📋 Vendor Advisories (1)

Cisco (2022-11-09)
Multiple Cisco Products Snort SMB2 Detection Engine Policy Bypass and Denial of Service Vulnerabilities