Cisco Secure Firewall Threat Defense Snort 3 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software. This issue allows an unauthenticated, remote attacker to cause the affected device to enter an infinite loop while processing traffic, leading to a DoS condition. The system watchdog will automatically restart the Snort process. The vulnerability arises from incorrect handling of inspected traffic, which can be exploited by sending crafted data through the affected device.

Impact

Exploitation of this vulnerability causes the affected device to enter an infinite loop while inspecting traffic, resulting in a denial-of-service condition. Although the system watchdog restarts the Snort process automatically, this vulnerability can still be exploited repeatedly to cause ongoing disruption.

Remediation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For instructions on upgrading Cisco Secure FTD devices, refer to the appropriate Cisco Secure FMC upgrade guide. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.

Added: Aug 14, 2025, 6:29 PM
Updated: Aug 14, 2025, 6:29 PM

Vulnerability Rating

Custom Algorithm (score per category, 0-10):

spread:          4.5
impact:          2.5
exploitability:  7.0
remediation:     8.3
relevance:       0.4
threat:          0.0
urgency:         2.9
incentive:       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined to calculate the overall risk score.