cisco-sa-ftd-snort-dos-hd2hFgM: Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability
First published: Wed Apr 27 2022(Updated: )
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-dos-hd2hFgM This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Credit: This vulnerability was found by Sanmith Prakash Cisco during internal security testing
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FTD Software | >=6.2.2 and earlier=6.2.3=6.3.0<=6.4.0<6.4.0.15 (May 2022) | 6.4.0.15 (May 2022) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability?
The vulnerability ID for the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability is cisco-sa-ftd-snort-dos-hd2hFgM.
What is the severity of the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability?
The severity of the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability is high with a CVSS score of 8.6.
How does the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability impact affected devices?
The vulnerability can allow an unauthenticated, remote attacker to cause unlimited memory consumption, leading to a denial of service (DoS) condition on the affected device.
Which versions of Cisco Firepower Threat Defense Software are affected by the Snort Out of Memory Denial of Service Vulnerability?
Versions 6.2.2 and earlier, 6.2.3, 6.3.0, and 6.4.0 up to exclusive version 6.4.0.15 (May 2022) of Cisco Firepower Threat Defense Software are affected by the Snort Out of Memory Denial of Service Vulnerability.
How can I fix the Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability?
Cisco has released a fixed version of the software. Please refer to the Cisco Security Advisory for the appropriate update.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco ftd software
- version/cisco ftd software/6.2.2 and earlier
- version/cisco ftd software/6.2.3
- version/cisco ftd software/6.3.0
- version/cisco ftd software/6.4.0