#VU82708 Security features bypass in Cisco Systems, Inc Hardware solutions


Published: 2023-11-03

Vulnerability identifier: #VU82708

Vulnerability risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20071

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances
FirePOWER Services
Client/Desktop applications / Antivirus software/Personal firewalls
Cyber Vision
Client/Desktop applications / Antivirus software/Personal firewalls
Umbrella Secure Internet Gateway
Client/Desktop applications / Antivirus software/Personal firewalls
Open Source Snort 2
Server applications / IDS/IPS systems, Firewalls and proxy servers
Open Source Snort 3
Server applications / IDS/IPS systems, Firewalls and proxy servers
Cisco UTD Snort IPS Engine Software for IOS XE
Other software / Other software solutions
Cisco UTD Engine for IOS XE SD-WAN
Other software / Other software solutions
Meraki MX Security Appliances
Other software / Other software solutions
Cisco 1000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
4000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8000V Edge Software
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8200 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8300 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8500L Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cloud Services Routers 1000V Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
Integrated Services Virtual Router
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX64
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX64W
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX65
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX65W
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX67
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX67C
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX68
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX68WC
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX75
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX84
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX85
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX95
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX100
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX105
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX250
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX400
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX450
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX600
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Meraki MX67W
Hardware solutions / Firmware
Cisco Meraki MX68W
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a flaw in the FTP module of the Snort detection engine. A remote attacker can send specially crafted FTP traffic, bypass FTP inspection and deliver a malicious payload.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0

FirePOWER Services: All versions

Open Source Snort 2: All versions

Cisco UTD Snort IPS Engine Software for IOS XE: 17.3 - 17.12

Cisco UTD Engine for IOS XE SD-WAN: 17.3 - 17.12

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Meraki MX Security Appliances: MX15 - MX18

Cisco Meraki MX64: All versions

Cisco Meraki MX64W: All versions

Cisco Meraki MX65: All versions

Cisco Meraki MX65W: All versions

Cisco Meraki MX67: All versions

Cisco Meraki MX67C: All versions

Cisco Meraki MX67W: All versions

Cisco Meraki MX68: All versions

Cisco Meraki MX68W: All versions

Cisco Meraki MX68WC: All versions

Cisco Meraki MX75: All versions

Cisco Meraki MX84: All versions

Cisco Meraki MX85: All versions

Cisco Meraki MX95: All versions

Cisco Meraki MX100: All versions

Cisco Meraki MX105: All versions

Cisco Meraki MX250: All versions

Cisco Meraki MX400: All versions

Cisco Meraki MX450: All versions

Cisco Meraki MX600: All versions

Cyber Vision: 3.2.4 - 4.1

Umbrella Secure Internet Gateway: All versions

External links
http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ftd-zXYtnjOM

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Security features bypass in multiple Cisco Products