
Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-20246 CVSS:5.8

Multiple Cisco Products could allow a remote attacker to bypass security restrictions, caused by a logic error that occurs when the access control policies are being populated. By establishing a connection, an attacker could exploit this vulnerability to bypass configured access control rules on the affected system.

CVE-2023-20255 CVSS:5.3

Cisco Meeting Server is vulnerable to a denial of service, caused by improper validation of HTTP requests. By sending specially crafted HTTP packets, a remote attacker could exploit this vulnerability to cause ongoing video calls to be dropped, resulting in a denial of service condition.

CVE-2023-20071 CVSS:5.8

Multiple Cisco Products could allow a remote attacker to bypass security restrictions, caused by a flaw in the FTP module of the Snort detection engine. By sending crafted FTP traffic, an attacker could exploit this vulnerability to bypass FTP inspection and deliver a malicious payload.

CVE-2023-20175 CVSS:8.8

Cisco Identity Services Engine could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending a specially crafted CLI command, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root privileges.

CVE-2023-20170 CVSS:6

Cisco Identity Services Engine could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending a specially crafted CLI command, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root privileges.

Impact

  • Denial of Service
  • Gain Access
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-20246
  • CVE-2023-20255
  • CVE-2023-20071
  • CVE-2023-20175
  • CVE-2023-20170

Affected Vendors

Cisco

Affected Products

  • Cisco Identity Services Engine (ISE)
  • Cisco FirePOWER Services Software for ASA
  • Cisco Open Source Snort 3
  • Cisco IOS XE
  • Cisco Open Source Snort 2
  • Cisco Firepower Threat Defense (FTD) Software

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-20246

CVE-2023-20255

CVE-2023-20071

CVE-2023-20175

CVE-2023-20170