CVE-2023-20083: Infinite Loop in Cisco Firepower Threat Defense

CWE-835: Infinite Loop | 4 documents | 4 sources
Severity: 8.6 HIGH (NVD)
EPSS: 0.3% (top 43.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 1

Description

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD | cisco/firepower_threat_defense | 6.2.3 | 6.2.3.18 | +7

🔴 Vulnerability Details (2)

GHSA | GHSA-f2q5-h9mf-9537: A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow a | 2023-11-01
CVEList | CVE-2023-20083: A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow a | 2023-11-01

📋 Vendor Advisories (1)

Cisco | Cisco Firepower Threat Defense Software and Cisco FirePOWER Services ICMPv6 with Snort 2 Denial of Service Vulnerability | 2023-11-01