New Sophos Support Phone Numbers in Effect July 1st, 2023

Network Protection: Firewall, NAT, QoS, & IPS Snort Denial of Service Vulnerability CVE-2022-20685

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Snort Denial of Service Vulnerability CVE-2022-20685

SG-1 over 1 year ago

RichBaldry Is Sophos aware of and working on this?

https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj

This thread was automatically locked due to age.

Top Replies

Amodin over 1 year ago +1

Under 58906, 58907 on the ID. Astaro IPS Rules

Parents

RichBaldry over 1 year ago

Yes this is on our radar and we are working on a patch for the current snort engine. In the meantime, the risk of this being used by an external attacker is virtually eliminated by blocking inbound TCP connections on TCP port 502.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

RichBaldry over 1 year ago

Yes this is on our radar and we are working on a patch for the current snort engine. In the meantime, the risk of this being used by an external attacker is virtually eliminated by blocking inbound TCP connections on TCP port 502.
Cancel
Vote Up +1 Vote Down

Cancel

Children

SG-1 over 1 year ago in reply to RichBaldry

Thank you! Publicly here in the Sophos Community the info should be useful for the time being.
Cancel
Vote Up 0 Vote Down

Cancel