CVE-2021-40114

MEDIUM

Cisco Firepower Threat Defense < 6.4.0.12 - Unauthenticated Denial of Service via ICMP Packet Processing

Title source: llm

Description

Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5354

Scores

CVSS v3 6.8

EPSS 0.0342

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770 CWE-401

Status published

Products (7)

cisco/firepower_threat_defense < 6.4.0.12

cisco/secure_firewall_management_center 2.9.14.0

cisco/secure_firewall_management_center 2.9.15

cisco/secure_firewall_management_center 2.9.16

cisco/secure_firewall_management_center 2.9.17

cisco/unified_threat_defense 16.12 - 16.12.6

snort/snort 2.0.0 - 2.9.18

Published Oct 27, 2021

Tracked Since Feb 18, 2026