Cyber Resilience

CVE-2022-20943

Medium

Published: 15 November 2022

Published
15 November 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score 0.0028 51.9th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-20943 is a medium-severity Heap Inspection (CWE-244) vulnerability in Cisco Cyber Vision. Its CVSS base score is 5.8 (Medium).

Operationally, ranked in the top 48.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on…

more

an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
firepower threat defense
7.0.0, 7.0.0.1, 7.0.1, 7.0.1.1
cisco
cyber vision
3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.5
cisco
meraki mx security appliance firmware
≤ 16.6.7 · 17.0 — 17.11.1 · 18.0 — 18.1.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-244

Forces clearing of heap memory contents prior to release, preventing subsequent processes from inspecting prior sensitive data.

addresses: CWE-244

Information management requirements drive clearing of sensitive contents from memory prior to release or reuse.

References