ReportizFlow
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Fri, 15 Nov 2024 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |
| Title | Multiple Cisco Products Snort Modbus Denial of Service Vulnerability | |
| Weaknesses | CWE-190 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-11-15T15:36:31.261Z
Updated: 2024-11-15T15:36:31.261Z
Reserved: 2021-11-02T13:28:29.055Z
Link: CVE-2022-20685
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2024-11-15T16:15:21.910
Modified: 2024-11-18T17:11:56.587
Link: CVE-2022-20685
Redhat
No data.