CVE-2023-20071: 
Snort vulnerability analysis and mitigation

Multiple Cisco products are affected by a vulnerability (CVE-2023-20071) in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on affected systems. The vulnerability was discovered during internal security testing and publicly disclosed on November 1, 2023. The affected products include Cisco FirePOWER Services, Firepower Threat Defense Software, Cisco IOS XE Products, Cisco Meraki Products, Cisco Cyber Vision, and Umbrella Secure Internet Gateway (Cisco Advisory).

The vulnerability stems from a flaw in the FTP module of the Snort detection engine. It has been assigned a CVSS Base Score of 5.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N. The vulnerability is tracked under CWE-1039 (Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations) (NVD).

A successful exploit could allow an attacker to bypass FTP inspection and deliver a malicious payload. The vulnerability affects multiple product lines including Snort 2 and Snort 3 versions prior to 3.1.32.0, various Cisco Firepower Threat Defense versions, and multiple Cisco Meraki MX series appliances (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available. For Snort 2 users, migration to Snort 3 is recommended. For Meraki MX Security Appliances, hot fixes are available for MX 16.6.6 and later, MX 17.0 and later, and MX 18.1 and later. However, no fixes will be provided for the MX64 and MX65 platforms (Cisco Advisory).