PT-2020-2236 · Cisco · Cisco Ios+3

Published 2020-05-05 · Updated 2024-11-26 · CVE-2020-3315

CVSS v3.1: 5.8 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Cisco IOS versions prior to the fixed version
Cisco Firepower Threat Defense versions prior to the fixed version
Cisco Firepower Management Center versions prior to the fixed version

Description

The issue is related to errors in how the Snort detection engine handles specific HTTP responses, allowing an unauthenticated, remote attacker to bypass the configured file policies on an affected system. An attacker could exploit this by sending crafted HTTP packets that would flow through an affected system, potentially delivering a malicious payload to the protected network.

Recommendations

For Cisco IOS, update to a version that includes the fix for this issue.
For Cisco Firepower Threat Defense, update to a version that includes the fix for this issue.
For Cisco Firepower Management Center, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Snort detection engine until a patch is available.

Fix

Weakness Enumeration

Protection Mechanism Failure
Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2020-02152
CVE-2020-3315
DLA-3317-1
DSA-5354-1
MGASA-2023-0117

Affected Products

Cisco Firepower Management Center
Cisco Ftd
Cisco Ios
Snort