Cisco Products Snort 3 Visual Basic for Applications Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Visual Basic for Applications (VBA) feature of Snort 3, affecting multiple Cisco products that use it. An unauthenticated, remote attacker can cause the Snort 3 Detection Engine to crash, leading to an unexpected restart and a denial-of-service condition. The issue arises from improper error checking when decompressing VBA data, and it can be exploited by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device.

Impact

Exploitation of this vulnerability causes the Snort 3 Detection Engine to crash, leading to a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco Secure Firewall Threat Defense (FTD) Software, the vulnerability can be mitigated by disabling VBA decompression, which is not enabled by default. Instructions for managing Snort 3 configurations are available in the Cisco Secure Firewall Management Center Snort 3 Configuration Guide, Version 7.2.

Added: Mar 4, 2026, 6:44 PM
Updated: Mar 4, 2026, 6:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.