CVE-2021-40114

MEDIUM

Cisco Firepower Threat Defense < 6.4.0.12 - Memory Leak

Description

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.

Scores

CVSS v3 6.8
EPSS 0.0342
EPSS Percentile 87.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Classification

CWE CWE-770, CWE-401
Status published

Affected Products (7)

cisco/firepower_threat_defense < 6.4.0.12
cisco/secure_firewall_management_center
cisco/secure_firewall_management_center
cisco/secure_firewall_management_center
cisco/secure_firewall_management_center
cisco/unified_threat_defense < 16.12.6
snort/snort < 2.9.18

Timeline

Published Oct 27, 2021
Tracked Since Feb 18, 2026