

Rewterz Threat Update – Hive Ransomware Possibly Rebranded as the New Hunters International Ransomware
November 2, 2023
Rewterz Threat Alert – Apache ActiveMQ Vulnerability Exploited by HelloKitty Ransomware Gang – Active IOCs
November 2, 2023
Severity
Medium
Analysis Summary
CVE-2023-20031 CVSS:4
Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error that occurs when an SSL/TLS certificate. By sending a high rate of SSL/TLS connection requests, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to reload.
CVE-2023-20083 CVSS:8.6
Cisco Firepower Threat Defense is vulnerable to a denial of service, caused by improper error checking when parsing fields within the ICMPv6 header. By sending a specially crafted ICMPv6 packet, a remote attacker could exploit this vulnerability to cause the device to exhaust CPU resources and stop processing traffic.
CVE-2023-20244 CVSS:8.6
Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls is vulnerable to a denial of service, caused by improper handling of certain packets when sent to the inspection engine. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause traffic loss or an unexpected reload of the device.
CVE-2023-20070 CVSS:3.7
Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error in how memory allocations are handled during a TLS 1.3 session. By sending a crafted TLS 1.3 message sequence, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to reload.
CVE-2023-20270 CVSS:5.8
Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by improper error-checking when the Snort 3 detection engine is processing SMB traffic. By sending a crafted SMB packet stream, a remote attacker could exploit this vulnerability to cause the Snort process to reload.
CVE-2023-20063 CVSS:8.2
Cisco Firepower Threat Defense Software and Firepower Management Center Software could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input. By sending specially crafted commands to a connected system, an attacker could exploit this vulnerability to execute arbitrary code in the context of an FTD device.
CVE-2023-20267 CVSS:4
Cisco Firepower Threat Defense Software could allow a remote attacker to bypass security restrictions, caused by a flaw in configuration for IP geolocation rules. By spoofing an IP address until they bypass the restriction, an attacker could exploit this vulnerability to bypass location-based IP address restrictions.
CVE-2023-20177 CVSS:4
Cisco Firepower Threat Defense Software is vulnerable to a denial of service, caused by a logic error that occurs when the Snort 3 detection engine inspects an SSL/TLS connection. By sending a crafted SSL/TLS connection, a remote attacker could exploit this vulnerability to cause the Snort 3 detection engine to unexpectedly restart.
Impact
- Denial of Service
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-20031
- CVE-2023-20083
- CVE-2023-20244
- CVE-2023-20070
- CVE-2023-20270
- CVE-2023-20063
- CVE-2023-20267
- CVE-2023-20177
Affected Vendors
Cisco
Affected Products
- Cisco Firepower Threat Defense Software
- Cisco Firepower 2100 Series Firewalls
- Cisco Firepower Management Center Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.