Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
在释放前清理堆内存不恰当(堆检查)
Vulnerability Title
多款Cisco产品安全漏洞
Vulnerability Description
Cisco Firepower System等都是美国思科(Cisco)公司的产品。Cisco Firepower System是一款下一代防火墙产品(NGFW)。Cisco Umbrella是一套云安全平台。Cisco Cyber Vision Center Software是一套工业控制系统(ICS)监控解决方案。 Cisco多款产品存在安全漏洞,该漏洞源于Snort检测引擎处理流量时对系统资源管理不当,攻击者可以通过向受影响的设备发送高速率的某些SMB2数据包来利用此漏洞,可能允许未经身份验证的远程
CVSS Information
N/A
Vulnerability Type
N/A