Description
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.

This vulnerability is due to an error in the binder module initialization logic of the Snort Detection Engine. An attacker could exploit this vulnerability by sending certain packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine restarts unexpectedly.
Published: 2026-03-04
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in the Snort 3 Detection Engine’s binder module initialization logic can cause the engine to restart when certain packets are parsed over an established connection. This restart leads to an interruption of packet inspection, effectively denying the service. The vulnerability is categorized as a denial-of-service (DoS) and is identified as CWE-667. The impact is limited to availability, as it does not directly compromise confidentiality or integrity.

Affected Systems

Cisco Secure Firewall Threat Defense (FTD) Software and Cisco UTD SNORT IPS Engine Software are affected. No specific version ranges are listed, implying all current releases of these products are vulnerable until the fix is applied.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not included in CISA’s KEV catalog. The attack appears to be possible remotely via normal network traffic, with an unauthenticated attacker needing only to send crafted packets through an existing connection to trigger the DoS.

Generated by OpenCVE AI on April 16, 2026 at 13:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine to the latest release that contains the fix for this Snort 3 binder module issue.
  • If an upgrade cannot be performed immediately, isolate or temporarily disable the Snort 3 Detection Engine to prevent unintended restarts until a patch is applied.
  • Configure network segmentation and firewall rules to restrict external access to the Snort 3 component, limiting exposure to the specific packet patterns that trigger the flaw.
  • Continuously monitor traffic for abnormal packet sequences that could exploit the vulnerability and apply additional defensive rules as needed.


Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco secure Firewall Threat Defense
Vendors & Products | | Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the binder module initialization logic of the Snort Detection Engine. An attacker could exploit this vulnerability by sending certain packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine restarts unexpectedly.
Title | | Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability
Weaknesses | | CWE-667
References | |
Metrics | | cvssV3_1: {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T20:50:05.611Z

Reserved: 2025-10-08T11:59:15.357Z

Link: CVE-2026-20065

Vulnrichment

Updated: 2026-03-04T20:49:58.639Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:21.350

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20065

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses