Cisco Products Snort 3 Remote Procedure Call Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in multiple Cisco products that use the Snort 3 Detection Engine. It allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, disrupting packet inspection. The issue arises from inadequate error handling when processing remote procedure call (RPC) data. An attacker could exploit this vulnerability by sending crafted RPC packets through an established connection.
Impact
Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, interrupting packet inspection.
Remediation
Cisco has released software updates that address this vulnerability. For Open Source Snort 3, users should upgrade to version 3.9.2.0 or later. For Cisco Secure Firewall Threat Defense (FTD) Software, the vulnerability applies only when Snort 3 is active; users can check their release with the Cisco Software Checker. Cisco Cyber Vision users should upgrade to version 5.3.3.
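A version check for the Open Source Snort 3 guidance above, as an added example that is not part of the Cisco advisory. It assumes the `snort -V` banner contains a "Version a.b.c.d" string; the function names and the sample banner are constructed for illustration, and it does not cover FTD or Cyber Vision releases.

```shell
#!/bin/sh
# Classify a Snort build against the fixed Open Source Snort 3 release
# named in the advisory. Helper names are illustrative.
FIXED="3.9.2.0"

# Constructed sample banner in the layout `snort -V` prints (assumption).
SAMPLE_OLD='   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.58.0'

# Extract the dotted version from banner text read on stdin.
snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2. Fields are compared numerically,
# so 3.10.0.0 correctly sorts after 3.9.2.0 (a string compare would not).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print one of: fixed | upgrade | not-snort3 | unknown
classify() {
    v=$(printf '%s\n' "$1" | snort_version)
    [ -n "$v" ] || { echo unknown; return 0; }
    case $v in
        3.*) if version_ge "$v" "$FIXED"; then echo fixed; else echo upgrade; fi ;;
        *)   echo not-snort3 ;;   # outside the Snort 3 guidance on this page
    esac
}

echo "sample banner: $(classify "$SAMPLE_OLD")"
# Check the locally installed binary when one is on PATH.
if command -v snort >/dev/null 2>&1; then
    echo "local snort: $(classify "$(snort -V 2>&1)")"
fi
```

An "unknown" result means the banner could not be parsed and the host should be checked by hand rather than assumed fixed.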
