cisco-sa-ftd2100-snort-dos-M9HuMt75: Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability
First published: Wed Oct 23 2024(Updated: )
A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.Note: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd2100-snort-dos-M9HuMt75This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Threat Defense |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-ftd2100-snort-dos-M9HuMt75?
The severity of cisco-sa-ftd2100-snort-dos-M9HuMt75 is classified as high due to the potential for memory corruption leading to Denial of Service.
How do I fix cisco-sa-ftd2100-snort-dos-M9HuMt75?
To fix cisco-sa-ftd2100-snort-dos-M9HuMt75, update your Cisco Firepower Threat Defense Software to the latest version that resolves this vulnerability.
What products are affected by cisco-sa-ftd2100-snort-dos-M9HuMt75?
The affected products for cisco-sa-ftd2100-snort-dos-M9HuMt75 include Cisco Firepower 2100 Series Appliances running the affected versions of Firepower Threat Defense.
Can cisco-sa-ftd2100-snort-dos-M9HuMt75 be exploited remotely?
Yes, cisco-sa-ftd2100-snort-dos-M9HuMt75 can be exploited by an unauthenticated remote attacker.
What is the impact of cisco-sa-ftd2100-snort-dos-M9HuMt75?
The impact of cisco-sa-ftd2100-snort-dos-M9HuMt75 includes the potential for Denial of Service, which may disrupt network security operations.
- agent/title
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/type
- agent/first-publish-date
- collector/cisco-recent
- source/Cisco
- agent/severity
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure firewall threat defense