CVE-2026-20052

A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts.

CVSS v3 5.8 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3ssl-FBEKYXpH

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-04 18:16

Updated : 2026-03-05 19:39

NVD link : CVE-2026-20052

Mitre link : CVE-2026-20052

CVE.ORG link : CVE-2026-20052

JSON object : View

Products Affected

No product.

CWE

CWE-788

Access of Memory Location After End of Buffer

{"id": "CVE-2026-20052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-04T18:16:19.420", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3ssl-FBEKYXpH", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-788"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.\r\n\r\nThis vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo de la gesti\u00f3n de memoria para el Motor de Detecci\u00f3n Snort 3 del software Cisco Secure Cortafuegos Defensa contra Amenazas (FTD) podr\u00eda permitir a un atacante remoto no autenticado causar que el Motor de Detecci\u00f3n Snort 3 se reinicie.\n\nEsta vulnerabilidad se debe a un error de l\u00f3gica en la gesti\u00f3n de memoria cuando un dispositivo est\u00e1 realizando inspecci\u00f3n de paquetes SSL de Snort 3. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes SSL manipulados a trav\u00e9s de una conexi\u00f3n establecida para ser analizados por el Motor de Detecci\u00f3n Snort 3. Un exploit exitoso podr\u00eda permitir al atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) cuando el Motor de Detecci\u00f3n Snort 3 se reinicia inesperadamente."}], "lastModified": "2026-03-05T19:39:11.967", "sourceIdentifier": "psirt@cisco.com"}