Cisco FTD Snort 3 DNS Reputation Rule DoS Vulnerability (CVE-2022-20767)

Vulnerability ID: cisco-sa-FTD-snort3-DOS-Aq38LvN CVSS Score: Base 8.6 Severity: High CVE ID: CVE-2022-20767 CWE ID: CWE-399 Release Date: 2022-04-27 16:00 GMT Version: Final Workarounds: No workarounds available Cisco Bug ID: CSCwa21016 Summary: Due to improper handling of DNS reputation execution rules in the Snort rule evaluation functionality within Cisco Firepower Threat Defense (FTD) software, an unauthenticated remote attacker could send crafted UDP packets to force affected devices into UDP connection backlog. Successful exploitation could result in traffic loss, leading to a Denial of Service (DoS) condition. Affected Products: - Only affects Cisco FTD devices running Snort 3. - Does not affect the following products: ASA software, FMC software, FTD software running Snort 2, Meraki MX series software, open-source Snort 2 project, open-source Snort 3 project. Fixed Software: Cisco has released free software updates that address the vulnerability described in this advisory. Exploitation and Public Announcements: Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. Source: This vulnerability was discovered during the resolution of a Cisco TAC support case. URL: Link Revision History: - Version 1.0: Initial public release.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco FTD Snort 3 DNS Reputation Rule DoS Vulnerability (CVE-2022-20767)