Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.
Maintained by Cisco, Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules.

“The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while loop,” Uri Katz, a security researcher with Claroty, said in a report published last week. “A successful exploit keeps Snort from processing new packets and generating alerts.”
Specifically, the shortcoming relates to how Snort processes packets for Modbus, an industrial data communications protocol used in supervisory control and data acquisition (SCADA) networks, leading to a scenario in which an attacker can send a specially crafted packet to an affected device.
“An effective exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop,” Cisco said in an advisory published earlier this January addressing the flaw.
In other words, exploitation of the issue could allow an unauthenticated, remote attacker to create a denial-of-service (DoS) condition on affected devices, effectively hindering Snort’s ability to detect attacks and making it possible to run malicious packets on the network.
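The bug class described above (a length field that overflows a narrow counter so a parsing loop stops advancing) can be shown with a small added example. This is not Snort's code and not taken from the Claroty report or the Cisco advisory; the record format, the function names `walk_unsafe` and `walk_safe`, and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record format, constructed for this example (not Modbus, not Snort code):
 * a 2-byte big-endian word count, followed by that many 16-bit words. */
#define REC_HDR   2u
#define MAX_STEPS 100000u   /* demo guard so the unsafe walker returns instead of spinning */

/* Unsafe: the step is truncated to 16 bits, so a count of 0x7FFF gives 2 + 0xFFFE = 0x10000,
 * which wraps to 0 and the offset never advances. Returns records walked, or -1 if stuck. */
int walk_unsafe(const uint8_t *buf, uint16_t len)
{
    uint16_t off = 0;
    unsigned steps = 0;
    int records = 0;
    while (off < len) {
        if (++steps > MAX_STEPS) return -1;
        uint16_t words = (uint16_t)(buf[off] << 8 | buf[off + 1]);
        off += (uint16_t)(REC_HDR + 2u * words);
        records++;
    }
    return records;
}

/* Hardened: the step is computed in size_t and must fit in the bytes that remain, so every
 * iteration advances by at least REC_HDR. Returns records walked, or -1 on malformed input. */
int walk_safe(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int records = 0;
    while (off < len) {
        if (len - off < REC_HDR) return -1;            /* truncated header */
        size_t words = (size_t)buf[off] << 8 | buf[off + 1];
        size_t step = REC_HDR + 2u * words;            /* at most 131072 */
        if (step > len - off) return -1;               /* record overruns the buffer */
        off += step;
        records++;
    }
    return records;
}

int main(void)
{
    const uint8_t wrap[] = {0x7F, 0xFF, 0x00, 0x00};   /* constructed input */
    printf("unsafe=%d safe=%d\n", walk_unsafe(wrap, sizeof wrap), walk_safe(wrap, sizeof wrap));
    return 0;
}
```

In an inline inspection engine, a loop that never advances has the effect the advisory describes: the process hangs and no further packets are inspected, which is why the hardened walker rejects the record instead of trusting its length field.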
“Successful exploits of vulnerabilities in network analysis tools such as Snort can have devastating impacts on business and OT networks,” Katz said.
“Network analysis tools are an under-researched area that deserves more analysis and attention, especially as OT networks are increasingly being centrally managed by IT network analysts familiar with Snort and other similar tools.”
Some parts of this article are sourced from:
thehackernews.com