CVE-2024-20508

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 122

Summary

CVE-2024-20508 is a vulnerability in the Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software that allows an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition. The vulnerability arises from inadequate validation of HTTP requests processed by the Snort IPS Engine, and an attacker can exploit it by sending a crafted HTTP request. The outcome of a successful exploit depends on the configured failure mode: with the default fail-open setting, it could enable a policy bypass, while with a fail-close setting it could disrupt traffic inspection. Affected products include various models under the Cisco UTD Snort IPS Engine. To remediate this vulnerability, organizations are advised to update their systems according to Cisco's security advisory.
