#VU89834 Authentication Bypass by Spoofing in Cisco Systems, Inc products - CVE-2024-20363

Cybersecurity Help s.r.o.

Published: 2024-05-27

Vulnerability identifier: #VU89834

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-20363

CWE-ID: CWE-290

Exploitation vector: Network

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to incorrect HTTP packet handling. A remote attacker can send specially crafted HTTP packets, bypass configured IPS rules and allow uninspected traffic onto the network.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: 17.12 - 17.13

FirePOWER Services: All versions

Cisco Firepower Threat Defense (FTD): All versions

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Open Source Snort 3: before 3.1.69.0

External links
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authentication Bypass by Spoofing in Cisco Products