PT-2024-4188 · Cisco · Snort Intrusion Prevention System

Published: 2024-05-22 · Updated: 2025-07-03 · CVE-2024-20363

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Cisco products (affected versions not specified)

Description: A vulnerability in the rule engine of the Snort Intrusion Prevention System (IPS) could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. It is caused by incorrect HTTP packet handling. An attacker could exploit it by sending crafted HTTP packets through an affected device, potentially allowing uninspected traffic onto the network. The vulnerability is also associated with an authentication bypass via spoofing, enabling a remote attacker to circumvent existing security restrictions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers: BDU:2024-04673, CVE-2024-20363

Affected Products: Snort Intrusion Prevention System