CVE-2023-20267: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2023-20267) was discovered in the IP geolocation rules of Snort 3 within Cisco Firepower Threat Defense Software. The vulnerability was first published on November 1, 2023, and allows an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability affects Cisco FTD Software running a vulnerable release with the Snort 3 detection engine configured with a geolocation inspection policy (Cisco Advisory).

The vulnerability exists due to improper parsing of IP geolocation rules configuration. It has been assigned a CVSS Base Score of 4.0 MEDIUM with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N. The vulnerability is classified under CWE-284 (Improper Access Control) (Cisco Advisory, NVD).

A successful exploitation of this vulnerability could allow an attacker to bypass location-based IP address restrictions. The overall impact is organization-specific and depends on the importance of the assets that the ACL was supposed to protect (Cisco Advisory).

Cisco has released software updates that address this vulnerability. A workaround is available by configuring a non-critical IP exclusion range as the last entry in the geolocation configuration file. This entry will be ignored. However, customers should evaluate the workaround's applicability and effectiveness in their environment before deployment, as it may impact network functionality or performance (Cisco Advisory).