CVE-2026-20058
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Summary
Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit these vulnerabilities by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart, causing a DoS condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.0 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.0.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.3.0 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.3 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.3.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.4 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.5 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.4.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.3.1.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.0 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.5.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.6 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.1.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.7 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.5.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.3.1.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.8 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.6.0 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.8.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.2.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.9 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.7.0 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.2.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.10 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.6.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.2.3 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.6.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.7.10 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.6.2.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.7.10.1 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.2.4 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.10.2 | affected |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.4.3 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.9.3a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.2 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.13.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.9.5a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.3 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.14.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.4 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.3a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.9.6 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.16.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.4a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.2c | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.4b | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.2a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.5 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.17.1 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.5a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.3a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.3 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.5b | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.5c | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.4 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.18.1 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.18.1a | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.6 | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.15.4c | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.12.5d | affected |
| Cisco | Cisco UTD SNORT IPS Engine Software | 17.18.2 | affected |
Weaknesses
- CWE-786: Access of Memory Location Before Start of Buffer
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.