#VU82709 Business Logic Errors in Cisco Systems, Inc products - CVE-2023-20246

Cybersecurity Help s.r.o.

Published: 2023-11-03

Vulnerability identifier: #VU82709

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-20246

CWE-ID: CWE-840

Exploitation vector: Network

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a logic error when the access control policies are being populated. A remote attacker can establish a connection to an affected device and bypass configured access control rules on the affected system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): All versions

FirePOWER Services: All versions

Cisco UTD Engine for IOS XE SD-WAN: All versions

Cisco UTD Snort IPS Engine Software for IOS XE: All versions

Cisco IOS XE: 17.12 - 17.13

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Catalyst 8500L Series Edge Platforms: All versions

Cloud Services Routers 1000V Series: All versions

Integrated Services Virtual Router: All versions

Open Source Snort 3: before 3.1.57.0

External links
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Access Control Policy Bypass in multiple Cisco Products