Cisco Products Snort 3 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in multiple Cisco products that use the Snort 3 Detection Engine. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, disrupting packet inspection. The issue arises from incomplete parsing of SSL handshake ingress packets, which an attacker could exploit by sending crafted SSL handshake packets. When the Snort 3 Detection Engine restarts unexpectedly, it creates a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, interrupting packet inspection and analysis.

Remediation

Cisco has released software updates that address this vulnerability. For Open Source Snort 3, users should upgrade to version 3.9.2.0 or later. For Cisco Secure Firewall Threat Defense Software, Snort 3 must be active, and users can check their version using the Cisco Software Checker tool. Cisco Meraki MX Security Appliances have been automatically updated with the Snort 3 package as of February 5, 2026.

Added: Mar 4, 2026, 9:03 PM
Updated: Mar 4, 2026, 9:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.