CVE-2020-3315 (CNNVD-202005-214)

MEDIUM
中文标题:
多款Cisco产品安全漏洞
英文标题:
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
CVSS分数: 5.8
发布时间: 2020-05-06 16:40:42
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Cisco 3000 Series Industrial Security Appliances等都是美国思科(Cisco)公司的产品。Cisco 3000 Series Industrial Security Appliances是一款3000系列防火墙设备。Cloud Services Router 1000V Series是一款1000v系列云服务路由器。Cisco 1000 Series Integrated Services Routers(ISRs)是一款1000系列集成多业务路由器。 多款Cisco产品的Snort检查引擎中HTTP响应处理的方法存在安全漏洞。远程攻击者可通过发送特制的HTTP数据包利用该漏洞绕过所配置的文件策略并向受保护的网络发送恶意的payload。以下产品及版本受到影响:1000 Series Integrated Services Routers;3000 Series Industrial Security Appliances;4000 Series Integrated Services Routers;Cloud Services Router 1000V Series;Firepower Threat Defense Software;Integrated Services Virtual Router。

英文描述:

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

CWE类型:
CWE-693 CWE-668
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Cisco Cisco Firepower Threat Defense Software n/a - - cpe:2.3:a:cisco:cisco_firepower_threat_defense_software:n_a:*:*:*:*:*:*:*
cisco firepower_threat_defense * - - cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cisco secure_firewall_management_center 2.9.14.4 - - cpe:2.3:a:cisco:secure_firewall_management_center:2.9.14.4:*:*:*:*:*:*:*
cisco secure_firewall_management_center 2.9.15 - - cpe:2.3:a:cisco:secure_firewall_management_center:2.9.15:*:*:*:*:*:*:*
cisco secure_firewall_management_center 2.9.16 - - cpe:2.3:a:cisco:secure_firewall_management_center:2.9.16:*:*:*:*:*:*:*
cisco ios 15.2\(7\)e - - cpe:2.3:a:cisco:ios:15.2\(7\)e:*:*:*:*:*:*:*
cisco ios 16.11.2 - - cpe:2.3:o:cisco:ios:16.11.2:*:*:*:*:*:*:*
cisco ios 17.3.1 - - cpe:2.3:o:cisco:ios:17.3.1:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
20200506 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability vendor-advisory
cve.org
访问
[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update mailing-list
cve.org
访问
DSA-5354 vendor-advisory
cve.org
访问
CVSS评分详情
3.0 (cna)
MEDIUM
5.8
CVSS向量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
机密性
NONE
完整性
LOW
可用性
NONE
时间信息
发布时间:
2020-05-06 16:40:42
修改时间:
2024-11-15 17:26:32
创建时间:
2025-11-11 15:36:18
更新时间:
2025-11-11 15:56:07
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2020-3315 2025-11-11 15:20:37 2025-11-11 07:36:18
NVD nvd_CVE-2020-3315 2025-11-11 14:56:58 2025-11-11 07:44:43
CNNVD cnnvd_CNNVD-202005-214 2025-11-11 15:10:25 2025-11-11 07:56:07
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:56:07
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202005-214; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-202005-214
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:44:43
affected_products_count: 1 → 8; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 1 -> 8
  • data_sources: ['cve'] -> ['cve', 'nvd']