What is CVE-2024-20508?

CVE-2024-20508 is a medium-severity vulnerability in Cisco Utd Snort Ips Engine Software, classified under Heap-based Buffer Overflow. CVSS score: 5.8/10. Published 2024-09-25.

How severe is CVE-2024-20508?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Is CVE-2024-20508 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Cisco Utd Snort Ips Engine Software

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of serv…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Cisco Utd Snort Ips Engine Software — versions 17.12.1a, 17.12.2, 17.13.1a

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

cisco-sa-utd-snort3-dos-bypas-b4OUEwxD

Frequently asked questions

What is CVE-2024-20508?: CVE-2024-20508 is a medium-severity vulnerability in Cisco Utd Snort Ips Engine Software, classified under Heap-based Buffer Overflow. CVSS score: 5.8/10. Published 2024-09-25.
How severe is CVE-2024-20508?: Medium severity. CVSS v3 base score is 5.8 out of 10.
Is CVE-2024-20508 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.