
Expert Investigated Vulnerability in Snort Intrusion Prevention System


Uri Katz of security firm Claroty has published details of a now-patched vulnerability in the Snort intrusion detection and prevention system that could cause a denial of service (DoS) and render the system useless against malicious traffic.

The vulnerability, CVE-2022-20685, was rated 7.5 out of 10 on the threat rating scale. The problem is present in the Modbus preprocessor of the Snort detection engine and affects all releases of the system up to version 2.9.19, as well as version 3.1.11.0.

“Successful exploitation of vulnerabilities in network analysis tools like Snort can have a devastating impact on corporate and OT networks. Network analysis tools are an under-researched area that should be better analysed and given more attention, especially as OT networks are centrally managed by IT network analysts who are familiar with Snort and other similar tools,” said Katz.

Information security vendors also have annoying bugs: for example, we wrote that ESET fixed a serious vulnerability in its products for Windows, and also that the Zloader Trojan disables Microsoft Defender on victims’ systems.

The Cisco-supported open-source Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) Snort analyzes network traffic in real time for signs of possible malicious activity based on predefined rules.


“Snort is largely used passively on the network, but it can also take action on malicious packets, making it a powerful detection tool for defenders. An attacker who could blind this tool to malicious traffic, however, could gain an important advantage over network defenders,” Uri Katz writes.

CVE-2022-20685 is an integer-overflow vulnerability. With it, an attacker can cause Snort to stop processing new packets and generating security notifications.

“The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while-loop,” the researcher writes.

The problem is related to how Snort handles Modbus packets (Modbus is an industrial communication protocol used in SCADA networks). An attacker could send a specially crafted packet to a vulnerable device and cause Snort processes to hang.
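
The bug class described above, shown as an added illustration that is neither Snort's code nor taken from Claroty's write-up: a loop that walks length-prefixed sub-records with a 16-bit offset, beside a bounded form that rejects the input instead of spinning. The record layout, function names and sample bytes are constructed for this example and are not the Modbus wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy format (NOT the Modbus wire layout): each sub-record is a
 * 2-byte big-endian word count followed by that many 16-bit words. */
#define HDR_LEN 2u

/* Constructed samples: two well-formed records; one record claiming 0x7FFF words. */
static const uint8_t GOOD[] = {0x00,0x01, 0xAA,0xBB, 0x00,0x02, 1,2,3,4};
static const uint8_t BAD[]  = {0x7F,0xFF, 0,0,0,0,0,0};

/* Weak pattern: 16-bit offset. Returns iterations used, or -1 when the
 * iteration cap is hit (stand-in for a loop that never ends). */
int walk_u16(const uint8_t *buf, uint16_t total, int cap) {
    uint16_t off = 0;
    int iters = 0;
    while (off < total) {
        if (iters++ >= cap) return -1;
        if ((uint32_t)off + HDR_LEN > total) break;
        uint16_t words = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        /* 2 + 2*0x7FFF = 0x10000 truncates to 0, so off never advances */
        off = (uint16_t)(off + HDR_LEN + 2u * words);
    }
    return iters;
}

/* Hardened: size_t arithmetic, every step bounded by the bytes remaining.
 * Returns the number of sub-records, or -1 if the input is malformed. */
int walk_checked(const uint8_t *buf, size_t total) {
    size_t off = 0;
    int records = 0;
    while (off < total) {
        if (total - off < HDR_LEN) return -1;
        size_t words = ((size_t)buf[off] << 8) | buf[off + 1];
        size_t step = HDR_LEN + 2 * words;   /* at most 131072, no wrap */
        if (step > total - off) return -1;   /* claims more than remains */
        off += step;
        records++;
    }
    return records;
}

int main(void) {
    printf("u16 good=%d bad=%d\n", walk_u16(GOOD, sizeof GOOD, 1000), walk_u16(BAD, sizeof BAD, 1000));
    printf("checked good=%d bad=%d\n", walk_checked(GOOD, sizeof GOOD), walk_checked(BAD, sizeof BAD));
    return 0;
}
```

The hardened walker makes progress on every iteration because each step is at least the header length and is checked against the bytes remaining before the offset moves.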

About The Author
Vladimir Krasnogolovy