Cisco Unified Threat Defense
Recent Cisco Unified Threat Defense Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2024-03-27 | Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability | March 27, 2024 |
| 2023-09-27 | Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability | September 27, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Unified Threat Defense . Last year Unified Threat Defense had 2 security vulnerabilities published. Right now, Unified Threat Defense is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.55 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Unified Threat Defense vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Unified Threat Defense Security Vulnerabilities
Multiple Cisco products are affected by a vulnerability in Snort access control policies
CVE-2023-20246
5.3 - Medium
- November 01, 2023
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.
Multiple Cisco products are affected by a vulnerability in the Snort detection engine
CVE-2023-20071
5.8 - Medium
- November 01, 2023
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic
CVE-2021-40114
7.5 - High
- October 27, 2021
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.
Memory Leak
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Snort or by Cisco? Click the Watch button to subscribe.
