Vulnerability Details : CVE-2023-20267
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-20267
- Cisco » Firepower Threat DefenseVersions from including (>=) 6.7.0 and up to, including, (<=) 7.3.1.1cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20267
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-20267
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST | |
|
4.0
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
2.2
|
1.4
|
Cisco Systems, Inc. |
CWE ids for CVE-2023-20267
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20267
-
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-bypass-LMz2ThKn
Cisco Firepower Threat Defense Software Snort 3 Geolocation IP Filter Bypass VulnerabilityVendor Advisory
Jump to