PT-2020-4710 · Cisco · Cisco IOS XE

Published: 2020-10-21 · Updated: 2024-12-13 · CVE-2020-3299

CVSS v3.1: 5.8 (Medium)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Cisco Firepower Threat Defense (FTD) (affected versions not specified)
Cisco SD-WAN (affected versions not specified)
Cisco IOS XE (affected versions not specified)
Cisco Meraki (affected versions not specified)
Description: A vulnerability in the Snort detection engine could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit it by sending crafted HTTP packets through an affected device; because the engine does not correctly reassemble the chunked response, the File Policy does not match, and the attacker can deliver a malicious payload to a host behind the device. The attacker only needs to get traffic through the device, not to reach the device itself, which is why the CVSS vector has a changed scope (S:C) and an integrity-only impact (I:L): the inspection control is defeated, but the device itself is not compromised.
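The following is an added example, not code from the page or from Cisco or the Snort project. It illustrates the general failure class the description names: an inline inspector that pattern-matches the raw wire bytes of a chunked HTTP response, instead of decoding the transfer-encoding first, misses a file signature that is split across a chunk boundary, while an inspector that dechunks correctly still catches it. The specific malformed packets behind CVE-2020-3299 have not been published and are not reproduced here; the signature string, the response and the chunk layout are all constructed for the example.

```python
# Added illustration: why an HTTP File Policy must decode chunked transfer-encoding
# before matching. Constructed data only; not the CVE-2020-3299 trigger.

# Hypothetical signature standing in for a file-type or malware pattern (assumption).
SIGNATURE = b"MALICIOUS-TEST-MARKER"


def chunked_body(data: bytes, chunk_sizes, extension: bytes = b"") -> bytes:
    """Encode data with HTTP/1.1 chunked transfer-encoding, cutting at chunk_sizes
    and emitting whatever is left as a final chunk. An optional chunk extension
    (e.g. b";x=1") is appended to every size line; RFC 7230 allows it and a
    decoder must ignore it."""
    out = bytearray()
    pos = 0
    for size in chunk_sizes:
        chunk = data[pos:pos + size]
        if not chunk:
            break
        out += b"%x" % len(chunk) + extension + b"\r\n" + chunk + b"\r\n"
        pos += len(chunk)
    remaining = data[pos:]
    if remaining:
        out += b"%x" % len(remaining) + extension + b"\r\n" + remaining + b"\r\n"
    out += b"0\r\n\r\n"  # last-chunk, no trailers
    return bytes(out)


def http_response(chunked: bytes) -> bytes:
    """Wrap a chunked body in a minimal HTTP/1.1 response (constructed headers)."""
    return (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: application/octet-stream\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + chunked)


def split_response(raw: bytes):
    head, _, body = raw.partition(b"\r\n\r\n")
    return head, body


def dechunk(body: bytes) -> bytes:
    """Strict decoder: hex size line (extension stripped), exact chunk length,
    CRLF after every chunk, stop at the zero-size chunk. Raises ValueError on
    anything malformed rather than guessing, which is the behaviour an inline
    inspector wants so that odd encodings are flagged instead of passed."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size_hex = body[pos:eol].split(b";", 1)[0].strip()
        size = int(size_hex.decode("ascii"), 16)
        pos = eol + 2
        if size == 0:
            break
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("malformed chunk")
        out += chunk
        pos += size + 2
    return bytes(out)


def naive_scan(raw: bytes) -> bool:
    """Inspector that matches the wire bytes without decoding the encoding."""
    return SIGNATURE in raw


def correct_scan(raw: bytes) -> bool:
    """Inspector that decodes the transfer-encoding before matching."""
    head, body = split_response(raw)
    if b"transfer-encoding: chunked" in head.lower():
        body = dechunk(body)
    return SIGNATURE in body


def demo():
    """Signature split across two chunks ("BEGIN-MALIC" | "IOUS-TEST-MARKER-END"),
    each size line carrying a chunk extension."""
    payload = b"BEGIN-" + SIGNATURE + b"-END"
    raw = http_response(chunked_body(payload, [11], extension=b";x=1"))
    return {
        "naive": naive_scan(raw),
        "correct": correct_scan(raw),
        "decoded": dechunk(split_response(raw)[1]),
    }


if __name__ == "__main__":
    print(demo())
```

The same `http_response(chunked_body(...))` output can be served by any test HTTP server to verify, after patching, that an inline File Policy still blocks a known test file when its signature straddles a chunk boundary; a policy that only blocks the unchunked copy of the same file has not actually been fixed.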
Recommendations: For all affected Cisco products (FTD, SD-WAN, IOS XE, Meraki), update to a release that contains Cisco's fix for the Snort detection engine; the fixed releases are listed per platform in the Cisco advisory for CVE-2020-3299. For open-source Snort packaged by Linux distributions, apply the distribution update referenced under Related Identifiers (DSA-5354-1, DLA-3317-1, MGASA-2023-0117, ALT-PU-2021-1678, ALT-PU-2024-16610). Do not disable the Snort detection engine as a workaround: the vulnerability is a bypass of the File Policy, and turning the engine off removes the policy for all HTTP traffic rather than just the crafted case. Until the fix is applied, treat the HTTP File Policy on affected devices as unreliable and rely on endpoint controls (antivirus/EDR on the hosts behind the device) to catch files that pass the network inspection.

Weakness Enumeration

Protection Mechanism Failure (CWE-693)

Related Identifiers

ALT-PU-2021-1678
ALT-PU-2024-16610
BDU:2020-05262
CVE-2020-3299
DLA-3317-1
DSA-5354-1
MGASA-2023-0117

Affected Products

ALT Linux
Cisco FTD
Cisco IOS XE
Cisco Meraki
Cisco SD-WAN
Snort