Cisco Secure Firewall Threat Defense Software Snort 3 Denial of Service Vulnerability
TL;DR 📌
A high-severity denial of service (DoS) vulnerability has been identified in the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense Software. An unauthenticated remote attacker can exploit this issue, leading to potential service disruptions. Cisco has released software updates to address this vulnerability, but no workarounds are available.
What happened 🕵️♂️
A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue arises from incorrect processing of traffic being inspected, which can drive the Snort 3 process into an infinite loop during traffic inspection. Although the system watchdog automatically restarts the Snort process, inspection is interrupted each time this occurs, so the vulnerability poses a significant risk of service interruption.
Affected products 🖥️
This vulnerability affects Cisco devices running a vulnerable release of Cisco Secure FTD Software with an enabled intrusion policy that utilizes the Snort 3 engine. For specific affected versions, refer to the Fixed Software section of the advisory.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 1.0 | Initial public release. | |
Workarounds 🧯
There are no workarounds available to mitigate this vulnerability.
Risk in context 🎯
The highest CVSS score for this vulnerability is 8.6, categorizing it as High severity. The exposure is significant because the issue is exploitable by an unauthenticated, remote attacker and can lead to service disruption. Organizations should prioritize applying the available software updates to mitigate the risk of exploitation.
Fast facts ⚡
- Vulnerability: Denial of Service in Snort 3 Detection Engine
- CVSS Score: 8.6 (High)
- Exploitation: Remote, no authentication required
- Workarounds: None available
- Impact: Service disruption due to infinite loop during traffic inspection
For leadership 🧭
This vulnerability poses a High risk (CVSS 8.6) as it allows unauthenticated remote attackers to exploit the Snort 3 engine, potentially causing significant service disruptions. Immediate remediation is required, with a recommendation to patch within 7 days. The operational impact involves a brief maintenance window with no expected configuration drift.
Now: Prioritize patching affected devices within 7 days.
Next: Review and confirm the Snort 3 configuration on all Cisco Secure FTD devices.
Later: Monitor for any updates or additional advisories from Cisco regarding this vulnerability.