Description
Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.

This vulnerability is due to incomplete error checking when parsing remote procedure call (RPC) data. An attacker could exploit this vulnerability by sending crafted RPC packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.
Published: 2026-03-04
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (service interruption)
Action: Apply Patch
AI Analysis

Impact

This vulnerability arises from incomplete error handling during RPC data parsing in the Snort 3 detection engine. When an attacker sends specially crafted RPC packets, the parser can crash, forcing the engine to restart. The resulting restart interrupts packet inspection, effectively denying service to all traffic monitored by the engine. The weakness is identified as CWE-248: Missing Proper Error Handling.

Affected Systems

Affected products include Cisco Cyber Vision, Cisco Secure Firewall Threat Defense (FTD) Software, and Cisco UTD SNORT IPS Engine Software. All impacted instances incorporate the Snort 3 detection engine; no specific version ranges are supplied in the advisory.

Risk and Exploitability

The advisory assigns a CVSS score of 5.8, indicating moderate severity, while the EPSS score is less than 1% and the issue is not listed in the CISA KEV catalog. The vulnerability can be exploited remotely; an unauthenticated attacker must send crafted RPC packets to a susceptible instance. No escalation of privileges is required, and the primary effect is denial of service through an unexpected engine restart.

Generated by OpenCVE AI on April 17, 2026 at 13:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco firmware or patch that corrects the RPC parsing error in Snort 3, addressing the missing proper error handling (CWE-248).
  • If no patch is immediately available, restrict or disable RPC interfaces that feed the Snort 3 engine, or block non‑authorized traffic at the firewall before it reaches those interfaces, thereby mitigating the missing error handling weakness (CWE-248).
  • Configure monitoring and alerting to detect unexpected Snort 3 restarts, treat such events as a high‑severity incident, and respond promptly.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
First Time appeared | | Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco cyber Vision; Cisco secure Firewall Threat Defense
Vendors & Products | | Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco cyber Vision; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
Description | | Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking when parsing remote procedure call (RPC) data. An attacker could exploit this vulnerability by sending crafted RPC packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.
Title | | Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability
Weaknesses | | CWE-248
References | |
Metrics | | cvssV3_1: {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T20:26:35.118Z

Reserved: 2025-10-08T11:59:15.357Z

Link: CVE-2026-20068

Vulnrichment

Updated: 2026-03-04T20:26:29.991Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:22.330

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20068

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z
