CVE-2022-20685

high-risk

Published 2024-11-15

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Do I need to act?

0.50% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Cyber Vision

Firepower Threat Defense

Affected Vendors

Cisco

References (2)

Not Applicable https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

/ 100

high-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 30/34 · Critical