Cisco Snort 3 VBA Decompression Engine Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Snort 3 Visual Basic for Applications (VBA) feature of multiple Cisco products. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash, leading to an unexpected restart and a denial-of-service condition. The issue arises from improper error checking when decompressing VBA data, which can be exploited by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device.
Impact
Exploitation of this vulnerability causes the Snort 3 Detection Engine to crash, leading to a denial-of-service condition.
Remediation
VBA decompression is not enabled by default for any Snort 3 Inspector. If VBA decompression is kept disabled until the device can be upgraded to a fixed software release, the device is not affected by this vulnerability. For information about fixed releases, consult the Cisco Software Checker or the specific product's upgrade guide.
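One way to confirm that VBA decompression is off, as an added example that is not part of the advisory or of Cisco's tooling: a Python check that reads Snort 3 Lua configuration text and lists the inspectors whose final `decompress_vba` value is true. The `decompress_vba` option name is taken from open-source Snort 3 rather than from this page, the sample configuration is constructed, and the check assumes the Lua configuration text is available for inspection.

```python
import re

# Constructed sample Snort 3 Lua configuration (not taken from a real device).
SAMPLE_CONFIG = """
http_inspect = { decompress_pdf = true, decompress_vba = true }
smtp =
{
    -- decompress_vba = true  (commented out: must not be reported)
    decompress_vba = false,
}
pop = { decompress_vba = true }
pop.decompress_vba = false      -- later override wins
imap = { }
imap.decompress_vba = true
"""

# Ordered alternatives: dotted assignment, table start, in-table assignment, braces.
TOKEN = re.compile(
    r"\b(?P<dotted>[A-Za-z_]\w*)\.decompress_vba\s*=\s*(?P<dval>true|false)\b"
    r"|\b(?P<table>[A-Za-z_]\w*)\s*=\s*\{"
    r"|\bdecompress_vba\s*=\s*(?P<val>true|false)\b"
    r"|(?P<open>\{)|(?P<close>\})"
)

def strip_comments(lua_text):
    """Drop Lua block (--[[ ]]) and line (--) comments; string literals are not parsed."""
    lua_text = re.sub(r"--\[\[.*?\]\]", "", lua_text, flags=re.S)
    return re.sub(r"--[^\n]*", "", lua_text)

def inspectors_with_vba_enabled(lua_text):
    """Return sorted top-level table names whose final decompress_vba value is true."""
    depth, current, state = 0, None, {}
    for m in TOKEN.finditer(strip_comments(lua_text)):
        if m.group("dotted"):
            state[m.group("dotted")] = m.group("dval") == "true"
        elif m.group("table"):
            if depth == 0:  # a new top-level table replaces any earlier one
                current = m.group("table")
                state[current] = False  # the option is off unless set
            depth += 1
        elif m.group("open"):
            depth += 1
        elif m.group("close"):
            depth = max(depth - 1, 0)
        elif depth > 0:  # only the plain decompress_vba alternative remains
            state[current] = m.group("val") == "true"
    return sorted(name for name, on in state.items() if on)
```

An empty result means no inspector in the supplied text enables VBA decompression; any name returned identifies an inspector to switch off until the fixed release is installed.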
