Authentication Bypass by Spoofing in Cisco Products



Published: 2024-05-27
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-20363
CWE-ID CWE-290
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco IOS XE
Operating systems & Components / Operating system

FirePOWER Services
Client/Desktop applications / Antivirus software/Personal firewalls

Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Cisco 1000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc

4000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc

Catalyst 8000V Edge Software
Hardware solutions / Routers & switches, VoIP, GSM, etc

Catalyst 8200 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc

Catalyst 8300 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc

Catalyst 8500L Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cloud Services Routers 1000V Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Integrated Services Virtual Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Open Source Snort 3
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Authentication Bypass by Spoofing

EUVDB-ID: #VU89834

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20363

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to incorrect HTTP packet handling. A remote attacker can send specially crafted HTTP packets, bypass configured IPS rules and allow uninspected traffic onto the network.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: 17.12 - 17.13

FirePOWER Services: All versions

Cisco Firepower Threat Defense (FTD): All versions

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Open Source Snort 3: before 3.1.69.0

External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###