Skip to main content

Snort CVE-2024-20342

HIGH
Comparison Using Wrong Factors (CWE-1025)
2024-10-23 psirt@cisco.com
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 23, 2024 - 17:15 nvd
HIGH 8.6

DescriptionNVD

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. 

This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.

AnalysisAI

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1025. Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.  This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device. Affected products include: Cisco Snort, Cisco Firepower Threat Defense Software.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Snort

View all
CVE-2016-1417 HIGH POC
8.8 Jan 23

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct

CVE-2017-6657 HIGH
7.5 May 16

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Rated high severity (CVSS 7.5), this vulne

CVE-2021-40116 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attac

CVE-2021-40114 HIGH
7.5 Oct 27

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic tha

CVE-2021-1223 HIGH
7.5 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2024-20363 MEDIUM
5.8 May 22

Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that

CVE-2020-3299 MEDIUM
5.8 Oct 21

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2023-20246 MEDIUM
5.3 Nov 01

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthentic

CVE-2021-1495 MEDIUM
5.3 Apr 29

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticate

CVE-2021-1236 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an un

CVE-2021-1224 MEDIUM
5.3 Jan 13

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort

Share

CVE-2024-20342 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy