Security features bypass in multiple Cisco Products

Published: 2023-11-03

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-20071
CWE-ID	CWE-254
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Cisco Firepower Threat Defense (FTD) Hardware solutions / Security hardware applicances FirePOWER Services Client/Desktop applications / Antivirus software/Personal firewalls Cyber Vision Client/Desktop applications / Antivirus software/Personal firewalls Umbrella Secure Internet Gateway Client/Desktop applications / Antivirus software/Personal firewalls Open Source Snort 2 Server applications / IDS/IPS systems, Firewalls and proxy servers Open Source Snort 3 Server applications / IDS/IPS systems, Firewalls and proxy servers Cisco UTD Snort IPS Engine Software for IOS XE Other software / Other software solutions Cisco UTD Engine for IOS XE SD-WAN Other software / Other software solutions Meraki MX Security Appliances Other software / Other software solutions Cisco 1000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc 4000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8000V Edge Software Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8200 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8300 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8500L Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Cloud Services Routers 1000V Series Hardware solutions / Routers & switches, VoIP, GSM, etc Integrated Services Virtual Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX64 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX64W Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX65 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX65W Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX67 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX67C Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX68 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX68WC Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX75 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX84 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX85 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX95 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX100 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX105 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX250 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX400 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX450 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX600 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MX67W Hardware solutions / Firmware Cisco Meraki MX68W Hardware solutions / Firmware
Vendor	Cisco Systems, Inc

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU82708

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20071

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a flaw in the FTP module of the Snort detection engine. A remote attacker can send specially crafted FTP traffic, bypass FTP inspection and deliver a malicious payload.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.3.0 - 7.3.0

FirePOWER Services: All versions

Open Source Snort 2: All versions

Cisco UTD Snort IPS Engine Software for IOS XE: 17.3 - 17.12

Cisco UTD Engine for IOS XE SD-WAN: 17.3 - 17.12

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Meraki MX Security Appliances: MX15 - MX18

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX68WC: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cyber Vision: 3.2.4 - 4.1

Umbrella Secure Internet Gateway: All versions

Open Source Snort 3: before 3.1.32.0

External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.