CVE-2024-20508: Cisco UTD Snort IPS Engine Software for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability
First published: Wed Sep 25 2024(Updated: )
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.6.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.6.2 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.6.6 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.7.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.7.2 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.8.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.9.5a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.11.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.12.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.12.2 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.12.3 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.12.3a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.12.4 | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.13.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.14.1a | |
| Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System | =17.15.1a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20508?
The severity of CVE-2024-20508 is classified as high due to its potential to allow unauthorized access and service disruption.
How do I fix CVE-2024-20508?
To fix CVE-2024-20508, upgrade the Cisco Unified Threat Defense Snort IPS Engine to a patched version as recommended by Cisco.
What are the affected versions for CVE-2024-20508?
CVE-2024-20508 affects multiple versions of the Cisco Unified Threat Defense Snort IPS Engine, including 17.6.1a, 17.6.2, 17.7.1a, and more.
Can CVE-2024-20508 be exploited remotely?
Yes, CVE-2024-20508 can be exploited by unauthenticated remote attackers.
What impact can CVE-2024-20508 have on my network devices?
CVE-2024-20508 can allow attackers to bypass security policies or cause a denial of service condition on affected devices.
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified threat defense (utd) snort intrusion prevention system
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.6.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.6.2
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.6.6
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.7.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.7.2
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.8.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.9.5a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.11.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.12.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.12.2
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.12.3
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.12.3a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.12.4
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.13.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.14.1a
- version/cisco unified threat defense (utd) snort intrusion prevention system/17.15.1a