CVE-2020-3299: Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
First published: Wed Oct 21 2020(Updated: )
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/snort | <=2.9.7.0-5<=2.9.15.1-5 | 2.9.20-0+deb10u1 2.9.20-0+deb11u1 2.9.15.1-6 |
| Cisco Firepower Threat Defense | >=6.0.0<6.3.0.1 | |
| Cisco Cloud Services Router 1000v | ||
| Cisco Isrv | ||
| Cisco 1100-4p | ||
| Cisco 1100-8p | ||
| Cisco 1101-4p | ||
| Cisco 1109-2p | ||
| Cisco 1109-4p | ||
| Cisco 1111x-8p | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4461 Integrated Services Router | ||
| Cisco Isa 3000 | ||
| Cisco Meraki Mx | ||
| Snort Snort | <2.9.13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3299?
CVE-2020-3299 is a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP.
Which Cisco products are affected by CVE-2020-3299?
The following Cisco products are affected: Cisco Firepower Threat Defense, Cisco Cloud Services Router 1000v, Cisco Isrv, Cisco 1100-4p, Cisco 1100-8p, Cisco 1101-4p, Cisco 1109-2p, Cisco 1109-4p, Cisco 1111x-8p, Cisco 4221 Integrated Services Router, Cisco 4331 Integrated Services Router, Cisco 4431 Integrated Services Router, Cisco 4461 Integrated Services Router, Cisco Isa 3000, and Cisco Meraki Mx.
How severe is CVE-2020-3299?
The severity of CVE-2020-3299 is medium, with a CVSS score of 5.8.
How can I fix CVE-2020-3299?
To fix CVE-2020-3299, update the affected software to the following versions: Snort 2.9.20-0+deb10u1, Snort 2.9.20-0+deb11u1, or Snort 2.9.15.1-6.
Where can I find more information about CVE-2020-3299?
You can find more information about CVE-2020-3299 from the following sources: [Debian LTS Announcement](https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html), [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j), and [Debian Security Advisory](https://www.debian.org/security/2023/dsa-5354).
- collector/security-tracker-debian
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- package-manager/debian
- vendor/cisco
- canonical/cisco firepower threat defense
- version/cisco firepower threat defense/6.0.0
- canonical/cisco cloud services router 1000v
- canonical/cisco isrv
- canonical/cisco 1100-4p
- canonical/cisco 1100-8p
- canonical/cisco 1101-4p
- canonical/cisco 1109-2p
- canonical/cisco 1109-4p
- canonical/cisco 1111x-8p
- canonical/cisco 4221 integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4461 integrated services router
- canonical/cisco isa 3000
- canonical/cisco meraki mx
- vendor/snort
- canonical/snort snort