CVE-2024-20363

MEDIUM

Cisco Firepower Threat Defense Snort IPS Engine Unauthenticated Rule Bypass via HTTP Packets

Title source: llm

Description

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-ips-bypass-uE69KBMd

Scores

CVSS v3 5.8

EPSS 0.0037

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (6)

cisco/firepower_threat_defense 7.4.0

cisco/snort 3.0.0-233 - 3.1.69.0

cisco/unified_threat_defense_snort_intrusion_prevention_system_engine 17.6.4

cisco/unified_threat_defense_snort_intrusion_prevention_system_engine 17.6.5

cisco/unified_threat_defense_snort_intrusion_prevention_system_engine 17.12.1a

cisco/unified_threat_defense_snort_intrusion_prevention_system_engine 17.12.2

Published May 22, 2024

Tracked Since Feb 18, 2026