CVE-2021-40116
HIGHCisco Firepower Threat Defense 6.4.0-6.4.0.12 & Snort 3.0.0.0-3.0.99.99 - DoS via Snort Rule Block
Title source: llmDescription
Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM
Scores
CVSS v3
8.6
EPSS
0.0078
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-241
Status
published
Products (3)
cisco/firepower_threat_defense
6.4.0 - 6.4.0.13
cisco/secure_firewall_management_center
3.1.0.1
cisco/snort
3.0.0.0 - 3.1.0.100
Published
Oct 27, 2021
Tracked Since
Feb 18, 2026