Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass (cisco-sa-snort3-ips-bypass-uE69KBMd)

medium Nessus Plugin ID 197633


The remote device is missing a vendor-supplied security patch


According to its self-reported version, Cisco ASA Software is affected by a vulnerability.

- Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.


Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwh22565, CSCwh73244

See Also

Plugin Details

Severity: Medium

ID: 197633

File Name: cisco-sa-snort3-ips-bypass-uE69KBMd-asa.nasl

Version: 1.2

Type: local

Family: CISCO

Published: 5/22/2024

Updated: 5/31/2024

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 2.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2024-20363


Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:adaptive_security_appliance_software

Required KB Items: Host/Cisco/ASA/model

Exploit Ease: No known exploits are available

Patch Publication Date: 5/22/2024

Vulnerability Publication Date: 5/22/2024

Reference Information

CVE: CVE-2024-20363

CWE: 290

CISCO-SA: cisco-sa-snort3-ips-bypass-uE69KBMd

IAVA: 2024-A-0309, 2024-A-0314

CISCO-BUG-ID: CSCwh22565, CSCwh73244