CVE-2026-20052

Summary

A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.

This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.4.0affected
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.4.1affected
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.4.1.1affected
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.6.0affected
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.4.2affected
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.4.2.1affected

Weaknesses

  • CWE-788: Access of Memory Location After End of Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References