Authentication Bypass by Spoofing in Cisco Products

Published: 2024-05-27

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-20363
CWE-ID	CWE-290
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Cisco IOS XE Operating systems & Components / Operating system FirePOWER Services Client/Desktop applications / Antivirus software/Personal firewalls Cisco Firepower Threat Defense (FTD) Hardware solutions / Security hardware applicances Cisco 1000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc 4000 Series Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8000V Edge Software Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8200 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8300 Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 8500L Series Edge Platforms Hardware solutions / Routers & switches, VoIP, GSM, etc Cloud Services Routers 1000V Series Hardware solutions / Routers & switches, VoIP, GSM, etc Integrated Services Virtual Router Hardware solutions / Routers & switches, VoIP, GSM, etc Open Source Snort 3 Server applications / IDS/IPS systems, Firewalls and proxy servers
Vendor	Cisco Systems, Inc

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Authentication Bypass by Spoofing

EUVDB-ID: #VU89834

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20363

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to incorrect HTTP packet handling. A remote attacker can send specially crafted HTTP packets, bypass configured IPS rules and allow uninspected traffic onto the network.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: 17.12 - 17.13

FirePOWER Services: All versions

Cisco Firepower Threat Defense (FTD): All versions

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Open Source Snort 3: All versions

CPE2.3

External links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.