Cisco Secure Firewall Threat Defense Snort Deep Packet Inspection Bypass Vulnerability

Vulnerability

A vulnerability exists in the Snort 2 and Snort 3 deep packet inspection components of Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability could allow an unauthenticated, remote attacker to bypass configured Snort rules, so that traffic which should have been blocked passes through to the network. The issue arises from a logic error in how Snort Engine rules are integrated with Cisco Secure FTD Software, which can cause different Snort rules to be applied inconsistently during deep packet inspection of inner and outer connections. Exploitation involves sending crafted traffic that triggers the Snort rules, thereby allowing denied traffic to reach the network.

Impact

Exploitation of this vulnerability could result in unauthorized traffic being allowed onto the network, bypassing security measures that should have blocked it.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD Software, refer to the Cisco Secure FMC upgrade guide. To determine the best release to upgrade to, consult the Cisco Secure Firewall Threat Defense Compatibility Guide.

Added: Mar 4, 2026, 6:56 PM
Updated: Mar 4, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 0.6
exploitability: 7.0
remediation: 8.3
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.