CVE-2022-20922

Published on: Not Yet Published

Last Modified on: 11/22/2022 12:46:00 AM UTC

CVE-2022-20922 - advisory for cisco-sa-snort-smb-3nfhJtr

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Certain versions of Cyber Vision from Cisco contain the following vulnerability:

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.

  • CVE-2022-20922 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

CVSS3 Score: 6.5 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED NONE LOW LOW

CVE References

Description Tags Link
No Description Provided tools.cisco.com
text/html
 URL Logo MISC tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoCyber Vision3.0.0AllAllAll
ApplicationCiscoCyber Vision3.0.1AllAllAll
ApplicationCiscoCyber Vision3.0.2AllAllAll
ApplicationCiscoCyber Vision3.0.3AllAllAll
ApplicationCiscoCyber Vision3.0.5AllAllAll
ApplicationCiscoCyber Vision3.0.6AllAllAll
ApplicationCiscoCyber Vision3.1.0AllAllAll
ApplicationCiscoCyber Vision3.1.1AllAllAll
ApplicationCiscoCyber Vision3.1.2AllAllAll
ApplicationCiscoCyber Vision3.2.0AllAllAll
ApplicationCiscoCyber Vision3.2.1AllAllAll
ApplicationCiscoCyber Vision3.2.2AllAllAll
ApplicationCiscoCyber Vision3.2.3AllAllAll
ApplicationCiscoCyber Vision3.2.4AllAllAll
ApplicationCiscoCyber Vision4.0.0AllAllAll
ApplicationCiscoCyber Vision4.0.1AllAllAll
ApplicationCiscoCyber Vision4.0.2AllAllAll
ApplicationCiscoCyber Vision4.0.3AllAllAll
ApplicationCiscoCyber Vision4.1.0AllAllAll
ApplicationCiscoCyber Vision4.1.1AllAllAll
ApplicationCiscoFirepower Threat Defense7.1.0AllAllAll
ApplicationCiscoFirepower Threat Defense7.1.0.1AllAllAll
ApplicationCiscoFirepower Threat Defense7.1.0.2AllAllAll
ApplicationCiscoFirepower Threat Defense7.2.0AllAllAll
ApplicationCiscoFirepower Threat Defense7.2.0.1AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance1.5.4AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance1.5.5AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance1.5.6AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.0.0AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.0.2AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.0.3AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.1.0AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.1.2AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.1.4AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.1.5AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.2AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.2.1AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.3AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.3.1AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.4AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.4.12AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.4.4AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.4.6AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.5AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.5.4AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.5.5AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.5.6AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.5.7AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.6.0AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.6.1AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.6.2AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.7AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.8AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance2.8.9AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance3.0AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance3.1AllAllAll
Operating
System		CiscoUmbrella Insights Virtual Appliance3.2AllAllAll
  • cpe:2.3:a:cisco:cyber_vision:3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:3.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:cyber_vision:4.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:1.5.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:1.5.5:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:1.5.6:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.1.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.1.5:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.3:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.4.12:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.4.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.4.6:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.5:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.5.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.5.5:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.5.6:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.5.7:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.7:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.8:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:2.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:3.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:3.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:umbrella_insights_virtual_appliance:3.2:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report