CVE-2024-20363


Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.


Published

2024-05-22T17:16:13.950

Last Modified

2025-07-03T17:19:51.450

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-290

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | cisco | firepower_threat_defense | 7.4.0 | Yes
Operating System | cisco | unified_threat_defense_snort_intrusion_prevention_system_engine | 17.6.4 | Yes
Operating System | cisco | unified_threat_defense_snort_intrusion_prevention_system_engine | 17.6.5 | Yes
Operating System | cisco | unified_threat_defense_snort_intrusion_prevention_system_engine | 17.12.1a | Yes
Operating System | cisco | unified_threat_defense_snort_intrusion_prevention_system_engine | 17.12.2 | Yes
Application | cisco | snort | < 3.1.69.0 | Yes
