QID 317414

QID 317414: Cisco Internetwork Operating System (IOS) XE Software Unified Threat Defense Access Control Policy Bypass Vulnerability ( cisco-sa-ftd-snort3acp-bypass-3bdR2BEh)

At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software or Cisco UTD Engine for Cisco IOS XE SD-WAN Software.

Note: UTD is not installed on these devices by default. If the UTD file is not installed, the device is not vulnerable.

1000 Series Integrated Services Routers (ISRs)
4000 Series ISRs
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Edge Platforms
Cloud Services Routers 1000V
Integrated Services Virtual Router (ISRv)

Affected Products
From 17.12 prior to 17.12.2
From 17.13 prior to 17.13.1

QID Detection Logic (Authenticated):
The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command.
QID Detection Logic (Unauthenticated):
The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.

A successful exploit could allow the attacker to bypass configured access control rules on the affected system.

  • CVSS V3 rated as Medium - 5.3 severity.
  • CVSS V2 rated as Medium - 4 severity.
    • Solution

    Customers are advised to refer to cisco-sa-ftd-snort3acp-bypass-3bdR2BEh for more information.

    Vendor References

    CVEs related to QID 317414

    CVE-2023-20246 |
    Software Advisories
    Advisory ID Software Component Link
    cisco-sa-ftd-snort3acp-bypass-3bdR2BEh URL Logo sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].