Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2022-20685
CVE-2022-20685:
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation
Overview
A vulnerability in the Modbus preprocessor of the Snort detection engine (CVE-2022-20685) was discovered that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected devices. The vulnerability, which was disclosed on January 19, 2022, affects all open source Snort project releases earlier than Release 2.9.19 and Release 3.1.11.0, as well as multiple Cisco products including FirePOWER Services Software, Firepower Threat Defense Software, and Meraki MX Series Software (Cisco Advisory).
Technical details
The vulnerability is rated with a CVSS base score of 7.5 and is caused by an integer overflow issue while processing Modbus traffic. The flaw specifically affects the Modbus preprocessor component of the Snort detection engine, which when exploited can cause the Snort process to enter an infinite while loop (Hacker News, Cisco Advisory).
Impact
A successful exploitation of this vulnerability results in the Snort process hanging, causing traffic inspection to stop. For Meraki MX series devices, this leads to bypass of inspection services, potentially allowing malicious traffic to reach devices behind the MX series device without generating alerts. In the case of Cyber Vision, the exploitation results in the bypass of Snort intrusion detection services, though deep packet inspection and anomaly detection services remain unaffected (Cisco Advisory).
Mitigation and workarounds
Cisco has released software updates that address this vulnerability. For FTD Software managed by Firepower Management Center, the Modbus preprocessor can be disabled to mitigate the attack vector. However, there are no other workarounds available for other affected products. Users are advised to upgrade to the fixed versions: Snort 2.9.19 or later for 2.x versions, and 3.1.11.0 or later for 3.x versions (Cisco Advisory).
Community reactions
The vulnerability was discovered and reported by Uri Katz of Claroty Research. According to security researchers, network analysis tools like Snort are considered an under-researched area that deserves more attention, especially as OT networks are increasingly being centrally managed by IT network analysts (Hacker News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management