CVE-2024-20508: Cisco UTD Snort IPS Engine Bypass & DoS via HTTP
CVE-2024-20508 Published on September 25, 2024
Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
Vulnerability Analysis
CVE-2024-20508 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2024-20508
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-20508 are published in Cisco Unified Threat Defense Snort Intrusion Prevention System Engine:
Affected Versions
Cisco UTD SNORT IPS Engine Software:- Version 17.12.1a is affected.
- Version 17.12.2 is affected.
- Version 17.13.1a is affected.
- Version 17.12.3 is affected.
- Version 17.12.3a is affected.
- Version 17.15.1a is affected.
- Version 17.9.5a is affected.
- Version 17.6.1a is affected.
- Version 17.8.1a is affected.
- Version 17.6.2 is affected.
- Version 17.7.2 is affected.
- Version 17.12.4 is affected.
- Version 17.14.1a is affected.
- Version 17.11.1a is affected.
- Version 17.7.1a is affected.
- Version 17.6.6 is affected.
- Version 17.12.1a is affected.
- Version 17.12.2 is affected.
- Version 17.13.1a is affected.
- Version 17.12.3 is affected.
- Version 17.12.3a is affected.
- Version 17.15.1a is affected.
- Version 17.9.5a is affected.
- Version 17.6.1a is affected.
- Version 17.8.1a is affected.
- Version 17.6.2 is affected.
- Version 17.7.2 is affected.
- Version 17.12.4 is affected.
- Version 17.14.1a is affected.
- Version 17.11.1a is affected.
- Version 17.7.1a is affected.
- Version 17.6.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.