CVE-2026-20005 - Vulnerability Details

Description

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.

This vulnerability is due to incomplete parsing of the SSL handshake ingress packets. An attacker could exploit this vulnerability by sending crafted SSL handshake packets. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine restarts unexpectedly.

Published: 2026-03-04

Score: 5.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Secure Firewall Threat Defense (FTD) Software

affected

Version	Status	Constraints
`7.6.0`	affected	—
`7.6.1`	affected	—
`7.6.2`	affected	—
`7.6.2.1`	affected	—
`7.7.0`	affected	—
`7.7.10`	affected	—
`7.7.10.1`	affected	—

Cisco

Cisco Cyber Vision

affected

Version	Status	Constraints
`3.0.4`	affected	—
`3.0.0`	affected	—
`3.0.1`	affected	—
`3.0.2`	affected	—
`3.0.3`	affected	—
`3.0.5`	affected	—
`3.0.6`	affected	—
`3.1.0`	affected	—
`3.1.2`	affected	—
`3.1.1`	affected	—
`3.2.3`	affected	—
`3.2.1`	affected	—
`3.2.4`	affected	—
`3.2.0`	affected	—
`3.2.2`	affected	—
`4.0.0`	affected	—
`4.0.1`	affected	—
`4.0.2`	affected	—
`4.0.3`	affected	—
`4.1.0`	affected	—
`4.1.1`	affected	—
`4.1.2`	affected	—
`4.1.3`	affected	—
`4.1.4`	affected	—
`4.1.5`	affected	—
`4.1.6`	affected	—
`4.1.7`	affected	—
`4.2.0`	affected	—
`4.2.1`	affected	—
`4.2.4`	affected	—
`4.2.6`	affected	—
`4.2.2`	affected	—
`4.2.3`	affected	—
`4.3.0`	affected	—
`4.3.1`	affected	—
`4.3.2`	affected	—
`4.3.3`	affected	—
`4.4.0`	affected	—
`4.4.1`	affected	—
`4.4.2`	affected	—
`4.4.3`	affected	—
`5.0.0`	affected	—
`5.0.1`	affected	—
`5.0.2`	affected	—
`5.1.1`	affected	—
`5.1.2`	affected	—
`5.1.3`	affected	—
`5.2.0`	affected	—
`5.2.1`	affected	—
`5.3.0`	affected	—
`5.3.1`	affected	—
`5.3.2`	affected	—

Cisco

Cisco UTD SNORT IPS Engine Software

affected

Version	Status	Constraints
`17.2.1r`	affected	—
`17.3.1a`	affected	—
`17.3.2`	affected	—
`17.3.3`	affected	—
`17.3.4a`	affected	—
`17.3.6`	affected	—
`17.3.5`	affected	—
`17.3.7`	affected	—
`17.3.8`	affected	—
`17.4.1a`	affected	—
`17.4.2`	affected	—
`17.4.1b`	affected	—
`17.5.1a`	affected	—
`17.6.1a`	affected	—
`17.6.2`	affected	—
`17.6.3a`	affected	—
`17.6.4`	affected	—
`17.6.5`	affected	—
`17.6.6`	affected	—
`17.6.7`	affected	—
`17.6.8a`	affected	—
`17.7.1a`	affected	—
`17.7.2`	affected	—
`17.10.1a`	affected	—
`17.9.1a`	affected	—
`17.9.2a`	affected	—
`17.9.3a`	affected	—
`17.9.4`	affected	—
`17.9.5a`	affected	—
`17.9.6`	affected	—
`17.9.5e`	affected	—
`17.9.5f`	affected	—
`17.9.7a`	affected	—
`17.9.8`	affected	—
`17.9.7b`	affected	—
`17.8.1a`	affected	—
`17.11.1a`	affected	—
`17.12.1a`	affected	—
`17.12.2`	affected	—
`17.12.3`	affected	—
`17.12.4`	affected	—
`17.12.4a`	affected	—
`17.12.4b`	affected	—
`17.12.5`	affected	—
`17.12.5a`	affected	—
`17.12.5b`	affected	—
`17.12.5c`	affected	—
`17.12.6`	affected	—
`17.12.5d`	affected	—
`17.13.1a`	affected	—
`17.14.1a`	affected	—
`17.15.1a`	affected	—
`17.15.2a`	affected	—
`17.15.2c`	affected	—
`17.15.3`	affected	—
`17.15.3a`	affected	—
`17.15.4`	affected	—
`17.15.4c`	affected	—
`17.16.1a`	affected	—
`17.17.1`	affected	—
`17.18.1a`	affected	—
`17.18.2`	affected	—

No data.

Vendor Product Confidence Versions

Cisco

Cisco Utd Snort Ips Engine Software

100%

Version	Status	Scheme	Platform
`17.2.1r`	affected	generic	—
`17.3.1a`	affected	generic	—
`17.3.2`	affected	semver	—
`17.3.3`	affected	semver	—
`17.3.4a`	affected	generic	—
`17.3.6`	affected	semver	—
`17.3.5`	affected	semver	—
`17.3.7`	affected	semver	—
`17.3.8`	affected	semver	—
`17.4.1a`	affected	generic	—
`17.4.2`	affected	semver	—
`17.4.1b`	affected	generic	—
`17.5.1a`	affected	generic	—
`17.6.1a`	affected	generic	—
`17.6.2`	affected	semver	—
`17.6.3a`	affected	generic	—
`17.6.4`	affected	semver	—
`17.6.5`	affected	semver	—
`17.6.6`	affected	semver	—
`17.6.7`	affected	semver	—
`17.6.8a`	affected	generic	—
`17.7.1a`	affected	generic	—
`17.7.2`	affected	semver	—
`17.10.1a`	affected	generic	—
`17.9.1a`	affected	generic	—
`17.9.2a`	affected	generic	—
`17.9.3a`	affected	generic	—
`17.9.4`	affected	semver	—
`17.9.5a`	affected	generic	—
`17.9.6`	affected	semver	—
`17.9.5e`	affected	generic	—
`17.9.5f`	affected	generic	—
`17.9.7a`	affected	generic	—
`17.9.8`	affected	semver	—
`17.9.7b`	affected	generic	—
`17.8.1a`	affected	generic	—
`17.11.1a`	affected	generic	—
`17.12.1a`	affected	generic	—
`17.12.2`	affected	semver	—
`17.12.3`	affected	semver	—
`17.12.4`	affected	semver	—
`17.12.4a`	affected	generic	—
`17.12.4b`	affected	generic	—
`17.12.5`	affected	semver	—
`17.12.5a`	affected	generic	—
`17.12.5b`	affected	generic	—
`17.12.5c`	affected	generic	—
`17.12.6`	affected	semver	—
`17.12.5d`	affected	generic	—
`17.13.1a`	affected	generic	—
`17.14.1a`	affected	generic	—
`17.15.1a`	affected	generic	—
`17.15.2a`	affected	generic	—
`17.15.2c`	affected	generic	—
`17.15.3`	affected	semver	—
`17.15.3a`	affected	generic	—
`17.15.4`	affected	semver	—
`17.15.4c`	affected	generic	—
`17.16.1a`	affected	generic	—
`17.17.1`	affected	semver	—
`17.18.1a`	affected	generic	—
`17.18.2`	affected	semver	—

Cisco

Cyber Vision

86%

Version	Status	Scheme	Platform
`3.0.4`	affected	semver	—
`3.0.0`	affected	semver	—
`3.0.1`	affected	semver	—
`3.0.2`	affected	semver	—
`3.0.3`	affected	semver	—
`3.0.5`	affected	semver	—
`3.0.6`	affected	semver	—
`3.1.0`	affected	semver	—
`3.1.2`	affected	semver	—
`3.1.1`	affected	semver	—
`3.2.3`	affected	semver	—
`3.2.1`	affected	semver	—
`3.2.4`	affected	semver	—
`3.2.0`	affected	semver	—
`3.2.2`	affected	semver	—
`4.0.0`	affected	semver	—
`4.0.1`	affected	semver	—
`4.0.2`	affected	semver	—
`4.0.3`	affected	semver	—
`4.1.0`	affected	semver	—
`4.1.1`	affected	semver	—
`4.1.2`	affected	semver	—
`4.1.3`	affected	semver	—
`4.1.4`	affected	semver	—
`4.1.5`	affected	semver	—
`4.1.6`	affected	semver	—
`4.1.7`	affected	semver	—
`4.2.0`	affected	semver	—
`4.2.1`	affected	semver	—
`4.2.4`	affected	semver	—
`4.2.6`	affected	semver	—
`4.2.2`	affected	semver	—
`4.2.3`	affected	semver	—
`4.3.0`	affected	semver	—
`4.3.1`	affected	semver	—
`4.3.2`	affected	semver	—
`4.3.3`	affected	semver	—
`4.4.0`	affected	semver	—
`4.4.1`	affected	semver	—
`4.4.2`	affected	semver	—
`4.4.3`	affected	semver	—
`5.0.0`	affected	semver	—
`5.0.1`	affected	semver	—
`5.0.2`	affected	semver	—
`5.1.1`	affected	semver	—
`5.1.2`	affected	semver	—
`5.1.3`	affected	semver	—
`5.2.0`	affected	semver	—
`5.2.1`	affected	semver	—
`5.3.0`	affected	semver	—
`5.3.1`	affected	semver	—
`5.3.2`	affected	semver	—

Cisco

Secure Firewall Threat Defense

100%

Version	Status	Scheme	Platform
`7.6.0`	affected	semver	—
`7.6.1`	affected	semver	—
`7.6.2`	affected	semver	—
`7.6.2.1`	affected	generic	—
`7.7.0`	affected	semver	—
`7.7.10`	affected	semver	—
`7.7.10.1`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00089.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-multi-dos-XFWkWSwz

History

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco cisco Utd Snort Ips Engine Software Cisco cyber Vision Cisco secure Firewall Threat Defense
Vendors & Products		Cisco Cisco cisco Utd Snort Ips Engine Software Cisco cyber Vision Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description	Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the SSL handshake ingress packets by the Snort 3 Detection Engine. An attacker could exploit this vulnerability by sending crafted SSL handshake packets. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine restarts unexpectedly.	Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the SSL handshake ingress packets. An attacker could exploit this vulnerability by sending crafted SSL handshake packets. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine restarts unexpectedly.
Title	Multiple Cisco Products Snort 3 SSL Denial of Service Vulnerability

Wed, 04 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the SSL handshake ingress packets by the Snort 3 Detection Engine. An attacker could exploit this vulnerability by sending crafted SSL handshake packets. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine restarts unexpectedly.
Title		Multiple Cisco Products Snort 3 SSL Denial of Service Vulnerability
Weaknesses		CWE-392
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-multi-dos-XFWkWSwz
Metrics		cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}`

Subscriptions

Cisco Cisco Utd Snort Ips Engine Software Cyber Vision Secure Firewall Threat Defense

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-04T17:02:45.919Z

Updated: 2026-03-04T18:04:14.731Z

Reserved: 2025-10-08T11:59:15.349Z

Link: CVE-2026-20005

Vulnrichment

Updated: 2026-03-04T17:18:53.283Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T17:16:18.110

Modified: 2026-03-04T18:16:13.133

Link: CVE-2026-20005

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-05T09:06:55Z

Weaknesses

CWE-392

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object