Cisco Products Snort 3 Multicast DNS Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in multiple Cisco products that use the Snort 3 detection engine. It allows an unauthenticated, remote attacker to disrupt packet inspection by causing the Snort 3 Detection Engine to restart. The flaw stems from inadequate error handling when Multicast DNS fields in the HTTP header are processed, so an attacker can trigger it by sending crafted HTTP packets. The Snort 3 Detection Engine then restarts unexpectedly, leading to a temporary interruption in service.
Impact
Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, disrupting packet inspection and analysis.
Remediation
Cisco has released software updates that address this vulnerability. Open Source Snort 3 users should upgrade to version 3.9.5.0 or later. For Cisco Secure Firewall Threat Defense (FTD) Software, this applies when Snort 3 is active; users can check their version with the Cisco Software Checker tool. Cisco IOS XE users should upgrade to version 17.12.7, 17.15.5, or 17.18.3, depending on their current release train. Cisco Cyber Vision users should upgrade to version 5.3.3.
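A version check against the fixed releases listed above, added here as an example that is not part of the advisory: the fixed version numbers are taken from the text, while the `snort -V` and IOS XE `show version` banner formats and the sample banners are assumed and constructed.

```python
"""Added example (not from the advisory): report whether an installed Snort 3
or Cisco IOS XE build is at or above the fixed releases this advisory lists."""
import re

# Fixed releases as stated in the advisory.
SNORT3_FIXED = (3, 9, 5, 0)
# IOS XE fixes are per release train; the first two components select the train.
IOSXE_FIXED = {
    (17, 12): (17, 12, 7),
    (17, 15): (17, 15, 5),
    (17, 18): (17, 18, 3),
}

# Constructed sample banner in the assumed `snort -V` layout (not a real capture).
SAMPLE_SNORT_BANNER = '   ,,_     -*> Snort++ <*-\n  o"  )~   Version 3.9.4.0\n'


def parse_version(text):
    """Return the dotted version in `text` as a tuple of ints, preferring a
    'Version X.Y.Z' label (as in the assumed banner formats) over a bare number."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", text) or re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def at_least(version, fixed):
    """Compare two version tuples after zero-padding, so 3.9.5 == 3.9.5.0."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(fixed)


def snort3_is_fixed(banner):
    """True if a Snort 3 banner reports 3.9.5.0 or later; Snort 2 is out of scope."""
    v = parse_version(banner)
    if v[0] != 3:
        raise ValueError(f"not a Snort 3 build: {v}")
    return at_least(v, SNORT3_FIXED)


def iosxe_is_fixed(text):
    """True if an IOS XE version is at or above the fix for its train,
    False if below it, None if the train is not one the advisory lists."""
    v = parse_version(text)
    fixed = IOSXE_FIXED.get(v[:2])
    return None if fixed is None else at_least(v, fixed)


if __name__ == "__main__":
    print("snort fixed:", snort3_is_fixed(SAMPLE_SNORT_BANNER))
    print("iosxe fixed:", iosxe_is_fixed("Cisco IOS XE Software, Version 17.12.4"))
```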