Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

2025-10-15

#7.3  #7.3.0  #7.3.1  #7.3.1.1  #7.3.1.2  #7.4  #7.4.0  #7.4.1  #7.4.1.1  #7.4.2  #7.4.2.1  #7.4.2.2  #7.4.2.3  #7.4.2.4  #7.6  #7.6.0 

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

Multiple Cisco products are affected by vulnerabilities in the Snort 3 MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or restart, leading to a denial of service. Cisco has released software updates to address these vulnerabilities, but no workarounds are available.

What happened 🕵️‍♂️

Cisco has identified vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder within Snort 3, which could be exploited by an unauthenticated remote attacker. These vulnerabilities may lead to the disclosure of sensitive information or cause the Snort 3 Detection Engine to restart unexpectedly, resulting in a denial of service (DoS) condition.

[]

Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability

2025-08-14

#7  #7.0.7  #7.7  #7.7.0  #Cisco  #Cisco Firepower Management Center  #Cisco Firepower Management Center Appliances 

🚨 SEVERITY: CRITICAL — CVSS 10.0 Security Advisory

TL;DR 📌

A critical vulnerability has been identified in the Cisco Secure Firewall Management Center (FMC) Software that allows unauthenticated remote code execution via the RADIUS subsystem. This vulnerability has a CVSS score of 10.0, indicating a severe risk. Immediate action is required to patch affected systems.

What happened 🕵️‍♂️

A vulnerability in the RADIUS subsystem of Cisco Secure FMC Software could allow an unauthenticated, remote attacker to execute arbitrary shell commands on the device. This issue arises from improper handling of user input during the authentication phase. Exploitation requires that RADIUS authentication is configured for the web-based management interface, SSH management, or both.

[]

Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability

2025-08-14

#7.7  #7.7.0  #Cisco  #Cisco 3000 Series Industrial Security Appliances (ISA)  #Cisco Firepower 1000 Series  #Cisco Firepower 4100 Series  #Cisco Firepower 9000 Series  #Cisco Firepower Threat Defense Software  #Cisco Secure Firewall 1200 Series  #Cisco Secure Firewall 3100 Series  #Cisco Secure Firewall 4200 Series  #Cisco Secure Firewall Threat Defense Virtual 

🚨 SEVERITY: MEDIUM — CVSS 5.8 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the Geolocation-Based Remote Access VPN feature of Cisco Secure Firewall Threat Defense Software. This flaw allows unauthenticated attackers to bypass security policies, potentially granting unauthorized access to restricted networks. No workarounds are available, and software updates are necessary to mitigate the risk.

What happened 🕵️‍♂️

A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software’s Geolocation-Based Remote Access (RA) VPN feature could enable an unauthenticated, remote attacker to bypass configured policies that control HTTP connections based on geographical location. This issue arises from incomplete URL parsing, allowing attackers to exploit it by sending crafted HTTP connections. Successful exploitation could lead to unauthorized access to networks that should otherwise be protected.

[]