Cisco Secure Firewall Threat Defense Software Snort 3 TLS Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the TLS cryptography functionality of the Snort 3 Detection Engine within Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, disrupting service and dropping network traffic. The issue arises from an improper implementation of the TLS protocol, which could be exploited by sending a crafted TLS packet to an affected system. Notably, devices running Cisco Secure FTD Software with Snort 3 enabled and certain SSL or decryption policy configurations are vulnerable. TLS 1.3 is not affected by this vulnerability.

Impact

Exploitation of this vulnerability leads to an unexpected restart of the Snort 3 Detection Engine, causing a denial-of-service condition by dropping network traffic.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices are available in the Cisco Secure FMC upgrade guide. For help determining the best Cisco Secure FTD Software release, consult the Cisco Secure Firewall Threat Defense Compatibility Guide.

Added: Mar 4, 2026, 6:57 PM
Updated: Mar 4, 2026, 6:57 PM

Vulnerability Rating

Custom Algorithm

spread:          4.5
impact:          2.5
exploitability:  7.8
remediation:     8.3
relevance:       3.5
threat:          0.0
urgency:         2.9
incentive:       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.