Vulnerability in Snort detection engine would allow unauthenticated remote hackers to cause DoS attacks on affected devices

A flaw has been reported in the Modbus preprocessor of the Snort detection engine whose exploitation could lead to severe hacking scenarios. Snort is a free network intrusion detection system (IDS) and an open source intrusion prevention system (IPS) developed by Cisco.

A report by the cybersecurity firm Claroty details the detection of a flaw in the Modbus preprocessor of the Snort detection engine. Tracked as CVE-2022-20685, successful exploitation of the flaw would trigger denial of service (DoS) conditions, rendering this solution ineffective against malicious traffic.

This flaw was described as an integer overflow that could cause the Snort Modbus OT preprocessor to enter an infinite loop cycle. The report adds that the vulnerability can be exploited by remote threat actors and resides in all versions of the open source Snort project prior to 2.9.19 and version

Claroty experts identified the flaw during an investigation of Snort’s OT preprocessors, focusing especially on Modbus because it is one of the most complex preprocessors. The analysis focused on this particular element because this is a popular industrial protocol.

According to the researchers, integer overflow in the Snort Modbus OT preprocessor allows threat actors to remotely send a manipulated packet to a vulnerable system, triggering an infinite loop and triggering a DoS condition.

On the other hand, Cisco issued a report confirming that the vulnerability in the Modbus preprocessor of the Snort detection engine could allow unauthenticated remote attackers to cause a DoS condition on the affected devices: “This vulnerability is due to an overflow of integers when processing Modbus traffic. An attacker could exploit this vulnerability by sending manipulated Modbus traffic through an affected device,” the company’s report concludes.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.