Detections
Analytics
Cisco Meraki 14 / 15 / 16 < 16.16 DoS (cisco-sa-snort-dos-9D3hJLuj)
high Nessus Plugin ID 241194
Language:
Synopsis
The remote Cisco Meraki device is potentially missing one or more security-related updates.Description
The version of the remote Cisco Meraki device is version 14, 15, or 16 prior to 16.16. It is, therefore, potentially affected by a denial of service vulnerability as referenced in the cisco-sa-snort-dos-9D3hJLuj advisory:- A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability. (CVE-2022-20685)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Cisco Meraki version 16.16 or later.See Also
Plugin Details
Severity: High
ID: 241194
File Name: cisco_meraki_cisco-sa-snort-dos-9D3hJLuj.nasl
Version: 1.2
Type: remote
Family: CISCO
Published: 7/2/2025
Updated: 7/2/2025
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2022-20685
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: cpe:/h:cisco:meraki
Required KB Items: installed_sw/Cisco Meraki, Settings/ParanoidReport
Patch Publication Date: 1/19/2022
Vulnerability Publication Date: 1/19/2022
Reference Information
CVE: CVE-2022-20685