Cisco Secure Firewall Threat Defense Snort 3 SSL Memory Management Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software. This issue allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. The vulnerability arises from a logic error in memory management during Snort 3 SSL packet inspection. An attacker could exploit this by sending crafted SSL packets through an established connection, leading to an unexpected restart of the Snort 3 Detection Engine.

Impact

Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading Cisco Secure FTD Software, refer to the Cisco Secure FTD upgrade guide. To determine the best release to upgrade to, consult the Cisco Secure Firewall Threat Defense Compatibility Guide.

Added: Mar 4, 2026, 6:48 PM
Updated: Mar 4, 2026, 6:48 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 7.8
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.