CVE-2026-20052
Memory Management Logic Error in Snort 3 Causes DoS
Publication date: 2026-03-04
Last updated on: 2026-03-04
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_threat_defense | * |
| cisco | snort_3 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-788 | The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. |
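The C program below is an added illustration of the CWE-788 pattern in the form it commonly takes in a packet inspector that parses TLS records; it is not Snort or Cisco code and not the actual code path behind CVE-2026-20052. The vulnerable shape bounds its payload walk by the attacker-supplied record length field instead of by the bytes actually received; the hardened shape validates the length first. The record layout and the two byte strings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5   /* content type (1), version (2), length (2) */

/* Length field of a TLS record header, big-endian. Caller guarantees 5 bytes. */
static uint16_t tls_record_len(const uint8_t *hdr)
{
    return (uint16_t)(((uint16_t)hdr[3] << 8) | hdr[4]);
}

/*
 * Vulnerable shape (CWE-788): the payload walk is bounded by the
 * attacker-supplied length field, not by the bytes actually received.
 * On a record whose length field exceeds len - 5 this reads past the
 * end of buf (undefined behaviour). Only call it on well-formed input;
 * it is here to show the pattern, not to be triggered.
 */
long inspect_record_unchecked(const uint8_t *buf, size_t len)
{
    if (len < TLS_HDR_LEN)
        return -1;
    uint16_t rec_len = tls_record_len(buf);
    long sum = 0;
    for (size_t i = 0; i < rec_len; i++)      /* bound comes from the packet */
        sum += buf[TLS_HDR_LEN + i];           /* OOB read if rec_len > len - 5 */
    return sum;
}

/*
 * Hardened shape: the claimed length is checked against the bytes
 * remaining before any payload byte is touched. A truncated or oversized
 * record is rejected (-1) instead of being walked off the end of the buffer.
 */
long inspect_record_checked(const uint8_t *buf, size_t len)
{
    if (len < TLS_HDR_LEN)
        return -1;
    uint16_t rec_len = tls_record_len(buf);
    if (rec_len > len - TLS_HDR_LEN)          /* the check CWE-788 code lacks */
        return -1;
    long sum = 0;
    for (size_t i = 0; i < rec_len; i++)
        sum += buf[TLS_HDR_LEN + i];
    return sum;
}

/* Constructed test vectors (not captured traffic). */
/* Handshake record, version 3.3, length 4, payload 01 02 03 04. */
const uint8_t GOOD_RECORD[]  = {0x16, 0x03, 0x03, 0x00, 0x04, 0x01, 0x02, 0x03, 0x04};
/* Same header, but the length field claims 0x1000 while only 4 payload bytes follow. */
const uint8_t LYING_RECORD[] = {0x16, 0x03, 0x03, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04};

int main(void)
{
    printf("good record, checked:  %ld\n",
           inspect_record_checked(GOOD_RECORD, sizeof GOOD_RECORD));
    printf("lying record, checked: %ld\n",
           inspect_record_checked(LYING_RECORD, sizeof LYING_RECORD));
    /* inspect_record_unchecked(LYING_RECORD, ...) would read 4096 bytes
       beyond a 9-byte buffer; it is deliberately not called here. */
    return 0;
}
```

The check is a single comparison, which is why this class of bug is usually a logic slip rather than a design flaw: every other part of the parser is the same in both versions. In an inspection engine the out-of-bounds access typically surfaces as a crash and restart of the inspecting process, which is the DoS outcome described on this page.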
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software and is caused by a logic error in memory management during SSL packet inspection.
An unauthenticated, remote attacker can exploit this flaw by sending specially crafted SSL packets through an established connection to the Snort 3 Detection Engine.
Successful exploitation causes the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition caused by the unexpected restart of the Snort 3 Detection Engine.
This means that the firewall's detection capabilities could be temporarily disrupted, potentially reducing the security monitoring and protection provided by the device.
Since the attack can be performed remotely and without authentication, it increases the risk of service interruption. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Whether a device is in a vulnerable configuration can be determined by checking whether an SSL policy is configured and whether Snort 3 is the active detection engine on Cisco Secure Firewall Threat Defense (FTD) Software. These checks confirm exposure to the affected feature; they do not detect exploitation attempts.
- Use the CLI command `show ssl-policy-config` on Cisco Secure FTD Software to check the SSL policy status.
- For devices managed by Cisco Secure Firewall Device Manager (FDM), check the SSL Decryption tab under Policies.
- For devices managed by Cisco Secure Firewall Management Center (FMC), check the SSL Policy area in Access Control policies.
- For devices managed by Cisco Defense Orchestrator, check the Decryption Policy in FTD Policies.
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation for this vulnerability is to upgrade to Cisco software releases that contain the fix.
Cisco provides a Software Checker tool to identify affected versions and fixed releases.
There are no workarounds identified. Before upgrading, customers should verify device configurations, confirm that the device has sufficient memory and that its current hardware and software configuration will still be supported by the new release, and consult Cisco TAC for assistance if needed.