CVE Vulnerabilities

CVE-2023-20071

Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations

Published: Nov 01, 2023 | Modified: Nov 21, 2024
CVSS 3.x
5.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.

Weakness

The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.

Affected Software

Name Vendor Start Version End Version
Firepower_threat_defense Cisco * 6.4.0.17 (excluding)
Firepower_threat_defense Cisco 6.5.0 (including) 7.0.6 (excluding)
Firepower_threat_defense Cisco 7.1.0 (including) 7.2.4 (excluding)
Firepower_threat_defense Cisco 7.3.0 (including) 7.3.1.2 (excluding)

Extended Description

When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, then any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision. If the automated mechanism is not developed or “trained” with enough input data, then attackers may be able to craft malicious input that intentionally triggers the incorrect classification. Targeted technologies include, but are not necessarily limited to:

For example, an attacker might modify road signs or road surface markings to trick autonomous vehicles into misreading the sign/marking and performing a dangerous action.

References