Cisco Products Snort 3 DCE/RPC Information Disclosure Vulnerability

A vulnerability exists in multiple Cisco products running Snort 3, specifically in the processing of DCE/RPC requests. This issue could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, disrupting packet inspection. The vulnerability arises from improper buffer handling when processing DCE/RPC requests, leading to a buffer out-of-bounds read. Exploitation involves sending a high volume of DCE/RPC requests through an established connection that Snort 3 is inspecting, potentially allowing the attacker to access sensitive information within the Snort 3 data stream.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information being processed by the Snort 3 Detection Engine.

Remediation

Cisco has released software updates to address this vulnerability. For Open Source Snort 3, users should upgrade to version 3.9.6.0. For Cisco Secure Firewall Threat Defense Software, hot fixes are available for versions 7.0 and 7.2. Cisco Meraki plans to release fixes in February 2026.