Skip to main content

Snort CVE-2016-1417

HIGH
Untrusted Search Path (CWE-426)
2017-01-23 psirt@cisco.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 23, 2017 - 21:59 cve.org
HIGH 8.8

DescriptionCVE.org

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.

AnalysisAI

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-426. Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. Affected products include: Snort.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Snort

View all
CVE-2024-20342 HIGH
8.6 Oct 23

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that

CVE-2017-6657 HIGH
7.5 May 16

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Rated high severity (CVSS 7.5), this vulne

CVE-2021-40116 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attac

CVE-2021-40114 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic tha

CVE-2021-1223 HIGH
7.5 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2024-20363 MEDIUM
5.8 May 22

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that

CVE-2020-3299 MEDIUM
5.8 Oct 21

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2023-20246 MEDIUM
5.3 Nov 01

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthentic

CVE-2021-1495 MEDIUM
5.3 Apr 29

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2021-1236 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an un

CVE-2021-1224 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort

Share

CVE-2016-1417 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy