CVE-2025-20217
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the packet inspection functionality of the Snort 3 Detection Engine within Cisco Secure Firewall Threat Defense Software. It allows an unauthenticated, remote attacker to send specially crafted traffic that causes the device to enter an infinite loop during traffic inspection, leading to a denial of service (DoS) condition. The system watchdog will then restart the Snort process automatically.
How can this vulnerability impact me?
The vulnerability can cause a denial of service (DoS) on the affected device by making it enter an infinite loop while inspecting traffic. This can disrupt normal network security operations, potentially leading to downtime or reduced protection until the Snort process is restarted by the system watchdog.