Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for snort.

CVE-2023-20246[0]:
| Multiple Cisco products are affected by a vulnerability in Snort
| access control policies that could allow an unauthenticated, remote
| attacker to bypass the configured policies on an affected system.
| This vulnerability is due to a logic error that occurs when the
| access control policies are being populated. An attacker could
| exploit this vulnerability by establishing a connection to an
| affected device. A successful exploit could allow the attacker to
| bypass configured access control rules on the affected system.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh

CVE-2023-20031[1]:
| A vulnerability in the SSL/TLS certificate handling of Snort 3
| Detection Engine integration with Cisco Firepower Threat Defense
| (FTD) Software could allow an unauthenticated, remote attacker to
| cause the Snort 3 detection engine to restart. This vulnerability is
| due to a logic error that occurs when an SSL/TLS certificate that is
| under load is accessed when it is initiating an SSL connection.
| Under specific, time-based constraints, an attacker could exploit
| this vulnerability by sending a high rate of SSL/TLS connection
| requests to be inspected by the Snort 3 detection engine on an
| affected device. A successful exploit could allow the attacker to
| cause the Snort 3 detection engine to reload, resulting in either a
| bypass or a denial of service (DoS) condition, depending on device
| configuration. The Snort detection engine will restart
| automatically. No manual intervention is required.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-20246
    https://www.cve.org/CVERecord?id=CVE-2023-20246
[1] https://security-tracker.debian.org/tracker/CVE-2023-20031
    https://www.cve.org/CVERecord?id=CVE-2023-20031

Please adjust the affected versions in the BTS as needed.