CVE-2023-20267 MEDIUM

CVE-2023-20267

Vendor Cisco
Product Cisco Firepower Threat Defense Software
Weakness CWE-284
Published November 1, 2023
Last update November 21, 2024

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions.

Key dates

02Disclosure timeline

November 1, 2023 CVE published
November 21, 2024 Record updated