Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
2022-04-20 06:38

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service condition and render it powerless against malicious traffic.

Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine.

Maintained by Cisco, Snort is an open-source intrusion detection system and intrusion prevention system that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules.

Specifically, the shortcoming relates to how Snort processes packets of Modbus, an industrial data communications protocol used in supervisory control and data acquisition (SCADA) networks, leading to a scenario where an attacker can send a specially crafted packet to an affected device.

"Successful exploits of vulnerabilities in network analysis tools such as Snort can have devastating impacts on enterprise and OT networks," Katz said.

"Network analysis tools are an under-researched area that deserves more analysis and attention, especially as OT networks are increasingly being centrally managed by IT network analysts familiar with Snort and other similar tools."


News URL

https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Snort 1 0 5 4 0 9