Cisco Snort 3 VBA Feature Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Snort 3 Visual Basic for Applications (VBA) feature of multiple Cisco products. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. The issue arises from improper error checking when VBA data is decompressed. An attacker could exploit it by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could cause the Snort 3 Detection Engine to enter an infinite loop, resulting in a DoS condition.
Impact
Exploitation of this vulnerability causes the Snort 3 Detection Engine to crash, leading to a denial-of-service condition.
Remediation
VBA decompression is not enabled by default for any Snort 3 inspector. A device on which it stays disabled until it can be upgraded to a fixed software release is not affected by this vulnerability. Cisco has released software updates that address this vulnerability.
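To confirm the exposure condition described above, the following added example (not Cisco's or the Snort project's code) scans the text of a Snort 3 Lua configuration and lists the inspectors that have VBA decompression switched on. It assumes the option is named `decompress_vba` and is exposed by the `http_inspect`, `imap`, `pop` and `smtp` inspectors, as in the Snort 3 configuration reference; the advisory itself does not name them, and the sample configuration is constructed.

```python
import re

# Option and inspector names are assumptions taken from Snort 3's
# configuration reference; the advisory itself does not name them.
INSPECTORS = ("http_inspect", "imap", "pop", "smtp")
OPTION = "decompress_vba"

def strip_lua_comments(text):
    """Remove --[[ block ]] and -- line comments so commented-out settings are ignored."""
    text = re.sub(r"--\[\[.*?\]\]", "", text, flags=re.S)
    return re.sub(r"--[^\n]*", "", text)

def table_body(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    return text[start + 1:]  # unbalanced braces: scan to the end instead of missing a setting

def vba_enabled_inspectors(lua_text):
    """Return the sorted names of inspectors whose decompress_vba is set to true."""
    text = strip_lua_comments(lua_text)
    enabled = set()
    for name in INSPECTORS:
        # Table form: name = { ..., decompress_vba = true, ... }
        for m in re.finditer(rf"(?<![\w.]){name}\s*=\s*\{{", text):
            body = table_body(text, m.end() - 1)
            if re.search(rf"\b{OPTION}\s*=\s*true\b", body):
                enabled.add(name)
        # Dotted form: name.decompress_vba = true
        if re.search(rf"(?<![\w.]){name}\.{OPTION}\s*=\s*true\b", text):
            enabled.add(name)
    return sorted(enabled)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """
http_inspect = { response_depth = -1, decompress_vba = true }
smtp = {
    -- decompress_vba = true,
    decompress_zip = true,
}
imap.decompress_vba = true
pop = { decompress_vba = false }
"""

if __name__ == "__main__":
    print(vba_enabled_inspectors(SAMPLE))
```

The scan is deliberately conservative: an inspector is reported if any assignment enables the option, even when a later line turns it off again, so each hit should be checked against the effective configuration.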
