Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 184.108.40.206.
Maintained by Cisco, Snort is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules.
“The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while loop,” Uri Katz, a security researcher with Claroty, said in a report published last week. “A successful exploit keeps Snort from processing new packets and generating alerts.”
Specifically, the flaw relates to how Snort processes packets for Modbus, an industrial data communications protocol used in supervisory control and data acquisition (SCADA) networks, leading to a scenario where an attacker can send a specially crafted packet to an affected device.
“A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop,” Cisco noted in an advisory published earlier this January addressing the flaw.
In other words, exploitation of the issue could allow an unauthenticated, remote attacker to create a denial-of-service (DoS) condition on affected devices, effectively hindering Snort’s ability to detect attacks and making it possible to run malicious packets on the network.
“Successful exploits of vulnerabilities in network analysis tools such as Snort can have devastating impacts on enterprise and OT networks,” Katz said.
“Network analysis tools are an under-researched area that deserves more analysis and attention, especially as OT networks are increasingly being centrally managed by IT network analysts familiar with Snort and other similar tools.”
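The failure class described above, an integer overflow that leaves a parsing loop unable to advance, is shown here as an added example; it is not Snort's code and not part of the original article. The record layout, function names and the `max_iters` guard are assumptions made for illustration, and the second function is the hardened form of the first.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed record layout for illustration (not Modbus, not Snort code):
 *   [2-byte big-endian word count][word count * 2 bytes of data] ...      */
#define HDR_SIZE 2u
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Constructed inputs. */
static const uint8_t sample_ok[]  = {0x00, 0x01, 0xAA, 0xBB, 0x00, 0x01, 0xCC, 0xDD};
static const uint8_t sample_bad[] = {0x7F, 0xFF, 0x00, 0x00}; /* step wraps to 0 */

/* Flawed pattern: the running offset is 16 bits wide, so the step is
 * truncated when added; a step that truncates to 0 makes no progress.
 * max_iters is a guard added for this demo so the hang is observable:
 * returns the record count, or -1 where a real loop would spin forever. */
int count_records_flawed(const uint8_t *buf, uint16_t total, unsigned max_iters)
{
    uint16_t done = 0;
    unsigned iters = 0;
    int records = 0;
    while (done < total) {
        if (++iters > max_iters) return -1;           /* would never terminate */
        if ((size_t)done + HDR_SIZE > total) break;
        uint16_t words = rd16(buf + done);
        done = (uint16_t)(done + HDR_SIZE + 2u * words); /* 16-bit truncation */
        records++;
    }
    return records;
}

/* Hardened pattern: compute each step in size_t and reject any record that
 * does not fit in the remaining bytes. step >= HDR_SIZE, so every iteration
 * strictly advances. Returns the record count, or -1 if malformed. */
int count_records_checked(const uint8_t *buf, size_t total)
{
    size_t done = 0;
    int records = 0;
    while (done < total) {
        if (total - done < HDR_SIZE) return -1;       /* truncated header */
        size_t step = HDR_SIZE + 2 * (size_t)rd16(buf + done);
        if (step > total - done) return -1;           /* record overruns buffer */
        done += step;
        records++;
    }
    return records;
}
```

In an inline inspection engine the flawed loop has no such guard, which is why a single malformed input is enough to stop all further packet processing and alerting.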