Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability
CVE-2024-20330
Summary
A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engines of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The flaw is due to improper memory management when certain TCP and UDP packets are processed. An attacker could exploit it by sending crafted TCP or UDP packets through a device that uses the Snort detection engine. A successful exploit could cause the Snort engine to restart repeatedly, resulting in a DoS condition for the traffic it inspects. The device itself remains manageable over the network; however, once the engine's memory has been compromised in this way, recovery requires manually reloading the appliance, so the disruption persists until an administrator intervenes.
Affected Version(s)
Cisco Firepower Threat Defense Software 7.0.0
Cisco Firepower Threat Defense Software 7.0.0.1
Cisco Firepower Threat Defense Software 7.0.1
Timeline
- Exploit known to exist
- Vulnerability published