Claroty’s Team82 researchers have uncovered another cyber threat.
- Team82 discovered a means by which it could blind the popular Snort intrusion detection and prevention system to malicious packets.
- The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite while-loop.
- A successful exploit keeps Snort from processing new packets and generating alerts.
- The vulnerability, which can be attacked remotely, has been patched by Cisco and the Snort team.
- All open source Snort project releases earlier than 2.9.19 and release 3.1.11.0 are vulnerable.
- See Cisco’s advisory for commercial product patching and mitigation information.
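
The bug class named above (an integer overflow that stops a parsing loop from ever advancing) is shown here as an added illustration; it is not Snort's preprocessor code. The record format, function names and sample bytes are constructed for the example, with the flawed loop beside a hardened one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR 3            /* constructed record: 1-byte tag + 2-byte big-endian length */
#define WATCHDOG 100000  /* demo-only guard so the flawed loop returns */
#define WALK_MALFORMED (-1)
#define WALK_STUCK (-2)

/* Constructed sample inputs (not Modbus traffic). */
static const uint8_t good[] = {0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00};
static const uint8_t bad[]  = {0x01, 0xFF, 0xFD};  /* 3 + 0xFFFD == 0x10000 */

/* Flawed: 16-bit cursor, untrusted length added without a bounds check. */
int walk_unsafe(const uint8_t *buf, uint16_t total) {
    uint16_t off = 0;
    int steps = 0;
    while (off + HDR <= total) {
        uint16_t len = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        off = (uint16_t)(off + HDR + len);          /* wraps modulo 65536 */
        if (++steps >= WATCHDOG) return WALK_STUCK; /* cursor never advanced */
    }
    return steps;
}

/* Hardened: wide cursor, and each length is validated against the bytes left. */
int walk_safe(const uint8_t *buf, uint16_t total) {
    size_t off = 0;
    int records = 0;
    while (off + HDR <= total) {
        size_t len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        if (len > total - off - HDR) return WALK_MALFORMED;
        off += HDR + len;   /* always advances by at least HDR */
        records++;
    }
    return off == total ? records : WALK_MALFORMED;
}

int main(void) {
    printf("good: unsafe=%d safe=%d\n", walk_unsafe(good, sizeof good), walk_safe(good, sizeof good));
    printf("bad:  unsafe=%d safe=%d\n", walk_unsafe(bad, sizeof bad), walk_safe(bad, sizeof bad));
    return 0;
}
```

Without the watchdog, `walk_unsafe` would spin forever on the second buffer, which is the condition that keeps a single-threaded inspection engine from reaching the next packet.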