A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart.
This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC
This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: November 2022 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74838”].
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firepower_threat_defense_software | 7.2 | cpe:2.3:a:cisco:firepower_threat_defense_software:7.2:*:*:*:*:*:*:* |
cisco | firepower_2100_firmware | any | cpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_management_center_1000_firmware | any | cpe:2.3:o:cisco:firepower_management_center_1000_firmware:any:*:*:*:*:*:*:* |
cisco | industrial_security_appliances_3000_firmware | any | cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_9000_firmware | any | cpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_4100_next-generation_firewall_firmware | any | cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:* |
cisco | firepower_management_center_virtual_appliance | any | cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:any:*:*:*:*:*:*:* |
cisco | secure_pix_firewall | any | cpe:2.3:h:cisco:secure_pix_firewall:any:*:*:*:*:*:*:* |
cisco | firepower_threat_defense_software | any | cpe:2.3:a:cisco:firepower_threat_defense_software:any:*:*:*:*:*:*:* |
cisco | firepower_threat_defense_software | 7.2.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:* |
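The table above lists affected products as CPE 2.3 strings, several with the non-standard version value `any`. The following is an added example (not Cisco's code and not part of the advisory) that parses those strings and matches a product from a deployment inventory against them, so a defender can see which rows of the table a given install hits. It assumes `any` is meant as a wildcard, equivalent to `*`, and that all other components require an exact match; the inventory CPE strings used in the `__main__` block are constructed for illustration.

```python
"""Match inventory CPE 2.3 strings against the advisory's affected-product table.

Added example for this advisory page; not Cisco's code.
"""
import re

# Copy of the CPE strings from the advisory table above.
ADVISORY_CPES = [
    "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2:*:*:*:*:*:*:*",
    "cpe:2.3:o:cisco:firepower_2100_firmware:any:*:*:*:*:*:*:*",
    "cpe:2.3:o:cisco:firepower_management_center_1000_firmware:any:*:*:*:*:*:*:*",
    "cpe:2.3:o:cisco:industrial_security_appliances_3000_firmware:any:*:*:*:*:*:*:*",
    "cpe:2.3:o:cisco:firepower_9000_firmware:any:*:*:*:*:*:*:*",
    "cpe:2.3:o:cisco:firepower_4100_next-generation_firewall_firmware:any:*:*:*:*:*:*:*",
    "cpe:2.3:a:cisco:firepower_management_center_virtual_appliance:any:*:*:*:*:*:*:*",
    "cpe:2.3:h:cisco:secure_pix_firewall:any:*:*:*:*:*:*:*",
    "cpe:2.3:a:cisco:firepower_threat_defense_software:any:*:*:*:*:*:*:*",
    "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*",
]

# The eleven components of a CPE 2.3 formatted string, in order.
FIELDS = (
    "part", "vendor", "product", "version", "update", "edition",
    "language", "sw_edition", "target_sw", "target_hw", "other",
)

# Assumption: the table's "any" is a wildcard, like the standard "*".
WILDCARDS = {"*", "any"}


def parse_cpe(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string into its named components.

    Splits only on unescaped colons, since the CPE 2.3 spec allows
    backslash-escaped punctuation inside a component.
    """
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    parts = re.split(r"(?<!\\):", cpe[len(prefix):])
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} components, got {len(parts)}: {cpe!r}")
    return dict(zip(FIELDS, parts))


def component_matches(pattern: str, value: str) -> bool:
    """A wildcard in the advisory entry matches anything; otherwise exact, case-insensitive."""
    if pattern in WILDCARDS:
        return True
    return pattern.lower() == value.lower()


def cpe_matches(entry: str, target: str) -> bool:
    """True if every component of the advisory entry accepts the target's component."""
    pattern = parse_cpe(entry)
    subject = parse_cpe(target)
    return all(component_matches(pattern[f], subject[f]) for f in FIELDS)


def affected_entries(target: str, entries=ADVISORY_CPES) -> list:
    """Return the advisory rows that match the given inventory CPE string."""
    return [e for e in entries if cpe_matches(e, target)]


if __name__ == "__main__":
    # Constructed inventory entries, not from the advisory.
    inventory = [
        "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:cisco:firepower_threat_defense_software:7.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:example:unrelated_product:1.0:*:*:*:*:*:*:*",
    ]
    for item in inventory:
        hits = affected_entries(item)
        print(f"{item}\n  matched {len(hits)} advisory row(s)")
        for hit in hits:
            print(f"    {hit}")
```

Because the family-wide rows (version `any`) match every version of their product, a hit against one of them only tells you the product family is listed; the version-specific rows (`7.2`, `7.2.0`) are the ones that identify a concrete affected release. Returning the matched rows rather than a boolean keeps that distinction visible, and the advisory's own fixed-software section remains the authority on whether a given build is exposed.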