Claroty’s Team82 researchers have uncovered another cyber threat.

  • Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets. 
  • The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while-loop.
  • A successful exploit keeps Snort from processing new packets and generating alerts. 
  • The vulnerability, which can be attacked remotely, has been patched by Cisco and the Snort team.
  • All open source Snort project releases earlier than 2.9.19 and release 3.1.11.0 are vulnerable.
  • Read Cisco’s advisory here for commercial product patching and mitigation information. 