Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.
Maintained by Cisco, Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules.

“The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while loop,” Uri Katz, a security researcher with Claroty, said in a report published last week. “A successful exploit keeps Snort from processing new packets and generating alerts.”
Specifically, the shortcoming relates to how Snort processes Modbus packets — an industrial data communications protocol used in supervisory control and data acquisition (SCADA) networks — leading to a scenario in which an attacker can send a specially crafted packet to an affected device.
“A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop,” Cisco said in an advisory released earlier this January addressing the flaw.
In other words, exploitation of the issue could allow an unauthenticated, remote attacker to create a denial-of-service (DoS) condition on affected devices, effectively hindering Snort’s ability to detect attacks and making it possible to run malicious packets on the network.
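The bug class described above (a length counter that wraps and stops a parsing loop from advancing) can be illustrated with the following added example, which is not Snort's code and is not taken from the Claroty report or the Cisco advisory. The record layout, `truncated_step` and `count_records` are constructed for illustration; the example shows why a 16-bit step can collapse to zero and how a bounds-checked, wider-typed walk rejects such input instead of hanging.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy record format (NOT Snort's Modbus code):
 *   byte 0    record type
 *   byte 1    reserved
 *   byte 2-3  big-endian count of 16-bit words that follow
 * so one record occupies HDR_LEN + count * 2 bytes. */
#define HDR_LEN 4u

/* Step size as a 16-bit accumulator would store it. The sum is truncated
 * to 16 bits, so count = 0x7FFE gives 4 + 0xFFFC = 0x10000 -> 0, and a
 * loop doing `processed += step` would never advance. */
uint16_t truncated_step(uint16_t count)
{
    return (uint16_t)(HDR_LEN + (uint32_t)count * 2u);
}

/* Hardened walk over a buffer of records. Returns the number of records,
 * or -1 if a record is truncated or claims more data than remains. */
int count_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t remaining = len - off;
        if (remaining < HDR_LEN)
            return -1;
        size_t count = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        size_t step = HDR_LEN + count * 2;  /* max 131074: no wrap with 32/64-bit size_t */
        if (step > remaining)
            return -1;                      /* reject instead of looping */
        off += step;                        /* step >= HDR_LEN: always advances */
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed input: one record claiming 0x7FFE words with no data. */
    const uint8_t bad[] = { 0x01, 0x00, 0x7F, 0xFE };
    printf("truncated step: %u\n", (unsigned)truncated_step(0x7FFE));
    printf("hardened result: %d\n", count_records(bad, sizeof bad));
    return 0;
}
```

The two properties that matter in the hardened loop are that the step is computed in a type wide enough to hold the largest possible value, and that every iteration either advances by at least the header length or returns.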
“Successful exploits of vulnerabilities in network analysis tools such as Snort can have devastating impacts on business and OT networks,” Katz said.
“Network analysis tools are an under-researched area that deserves more analysis and attention, especially as OT networks are increasingly being centrally managed by IT network analysts familiar with Snort and other similar tools.”
Some parts of this article are sourced from:
thehackernews.com