Description
A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.

This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts.
Published: 2026-03-04
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A logic error in memory management of the Snort 3 Detection Engine in Cisco Secure Firewall Threat Defense software could allow an unauthenticated remote attacker to cause the engine to restart. The flaw arises when the device performs Snort 3 SSL packet inspection and processes crafted SSL packets sent through an established connection. Exploitation results in a denial of service as the Snort 3 Detection Engine unexpectedly restarts, interrupting the firewall’s packet inspection capabilities. This issue corresponds to CWE-788, insecure memory management.

Affected Systems

The vulnerability affects Cisco Secure Firewall Threat Defense (FTD) software that includes the Snort 3 Detection Engine with SSL packet inspection enabled. Specific version information is not provided, so all deployments of the affected software are potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate risk, while the EPSS score of less than 1% suggests a low probability of widespread exploitation. The flaw is not listed in the CISA KEV catalog. The attack requires remote, unauthenticated access to send crafted SSL packets to the firewall; no privilege escalation or local access is needed. Once exploited, the Snort 3 engine restarts, causing a service interruption that can degrade firewall performance for all traffic passing through the device.

Generated by OpenCVE AI on April 16, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cisco Secure Firewall Threat Defense software to the latest version that fixes the Snort 3 SSL packet inspection memory management issue.
  • If an immediate software update is unavailable, consider disabling Snort 3 SSL packet inspection on affected firewalls until a patch is applied to mitigate the restart risk.
  • Monitor firewall logs for unexpected restarts of the Snort 3 Detection Engine and inspect for anomalous traffic patterns that may indicate attempted exploitation.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Values added:
First Time appeared: Cisco; Cisco secure Firewall Threat Defense
Vendors & Products: Cisco; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Values added:
Metrics ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 18:00:00 +0000

Values added:
Description: A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts.
Title: Cisco Secure Firewall Threat Defense Software Snort 3 Memory Management Denial of Service Vulnerability
Weaknesses: CWE-788
References:
Metrics cvssV3_1: {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T20:46:43.211Z

Reserved: 2025-10-08T11:59:15.355Z

Link: CVE-2026-20052

Vulnrichment

Updated: 2026-03-04T20:46:39.793Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T18:16:19.420

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20052

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses