
Rewterz Threat Advisory – Multiple Cisco Firepower Threat Defense Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-20031 CVSS:4

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error that occurs when an SSL/TLS certificate. By sending a high rate of SSL/TLS connection requests, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to reload.

CVE-2023-20083 CVSS:8.6

Cisco Firepower Threat Defense is vulnerable to a denial of service, caused by improper error checking when parsing fields within the ICMPv6 header. By sending a specially crafted ICMPv6 packet, a remote attacker could exploit this vulnerability to cause the device to exhaust CPU resources and stop processing traffic.

CVE-2023-20244 CVSS:8.6

Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls is vulnerable to a denial of service, caused by improper handling of certain packets when sent to the inspection engine. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause traffic loss or an unexpected reload of the device.

CVE-2023-20070 CVSS:3.7

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error in how memory allocations are handled during a TLS 1.3 session. By sending a crafted TLS 1.3 message sequence, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to reload.

CVE-2023-20270 CVSS:5.8

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper error-checking when the Snort 3 detection engine is processing SMB traffic. By sending a crafted SMB packet stream, a remote attacker could exploit this vulnerability to cause the Snort process to reload.

CVE-2023-20063 CVSS:8.2

Cisco Firepower Threat Defense Software and Firepower Management Center Software could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input. By sending specially crafted commands to a connected system, an attacker could exploit this vulnerability to execute arbitrary code in the context of an FTD device.

CVE-2023-20267 CVSS:4

Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by a flaw in configuration for IP geolocation rules. By spoofing an IP address until they bypass the restriction, an attacker could exploit this vulnerability to bypass location-based IP address restrictions.

CVE-2023-20177 CVSS:4

Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error that occurs when the Snort 3 detection engine inspects an SSL/TLS connection. By sending a crafted SSL/TLS connection, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to unexpectedly restart.

Impact

  • Denial of Service
  • Code Execution
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-20031
  • CVE-2023-20083
  • CVE-2023-20244
  • CVE-2023-20070
  • CVE-2023-20270
  • CVE-2023-20063
  • CVE-2023-20267
  • CVE-2023-20177

Affected Vendors

Cisco

Affected Products

  • Cisco Firepower Threat Defense Software
  • Cisco Firepower 2100 Series Firewalls
  • Cisco Firepower Management Center Software

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-20031

CVE-2023-20083

CVE-2023-20244

CVE-2023-20070

CVE-2023-20270

CVE-2023-20063

CVE-2023-20267

CVE-2023-20177