Cisco Advisory Highlights Snort 3 Vulnerabilities in Multiple Security Platforms

Cisco has released a security advisory addressing multiple vulnerabilities in Snort 3, the network intrusion detection and prevention engine used across several Cisco security products. The issues affect how Snort 3 processes Distributed Computing Environment / Remote Procedure Call (DCE/RPC) traffic and could allow a remote, unauthenticated attacker to interrupt packet inspection or access limited information handled by the engine.

The vulnerabilities are rated medium severity and currently have no available workarounds, making software updates the recommended approach for mitigation.

The advisory describes two independent vulnerabilities caused by memory handling errors during DCE/RPC traffic inspection. Under specific conditions, specially crafted network traffic could trigger an unexpected restart of the Snort 3 detection engine or cause a memory read outside intended boundaries. In both cases, network traffic inspection may be temporarily disrupted.

The vulnerabilities impact systems where Snort 3 is enabled, including:

  • Open source Snort 3 deployments
  • Cisco Secure Firewall Threat Defense (FTD) software
  • Cisco IOS XE devices using Unified Threat Defense (UTD)
  • Cisco Meraki MX security appliances

Products not using Snort 3 are not affected.

Cisco has released fixed software and hot patches for several platforms.

Open source Snort users are advised to upgrade to Snort version 3.9.6.0, which resolves the issue.
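For open source deployments, the upgrade advice above can be turned into a quick inventory check. The following is an added example, not code from Cisco or the Snort project: it classifies hosts by the version line in collected `snort -V` banner text, assuming the banner contains a line of the form `Version <dotted number>`. The host names and banners are constructed samples.

```python
import re

# Fixed open source release named in the article.
FIXED = (3, 9, 6, 0)

# Assumption: the banner contains "Version <dotted number>".
_VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+){1,3})")


def parse_version(banner):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad short versions, e.g. 2.9.20 -> 2.9.20.0
    return tuple(parts)


def classify(banner):
    """Classify one banner: 'fixed', 'upgrade', 'not-snort3' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version[0] != 3:
        # The article states products not using Snort 3 are not affected.
        return "not-snort3"
    # Tuple comparison is numeric per field, so 3.10.x sorts above 3.9.x
    # (a plain string comparison would get this wrong).
    return "fixed" if version >= FIXED else "upgrade"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banner text).
SAMPLE = {
    "sensor-a": "-*> Snort++ <*-\nVersion 3.1.58.0\n",
    "sensor-b": "-*> Snort++ <*-\nVersion 3.9.6.0\n",
    "sensor-c": "-*> Snort++ <*-\nVersion 3.10.0.0\n",
    "sensor-d": "-*> Snort! <*-\nVersion 2.9.20 GRE (Build 82)\n",
    "sensor-e": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a missing banner says nothing about whether Snort 3 is installed.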

Hot fixes are available for supported Cisco Secure Firewall Threat Defense releases, while updates for Cisco IOS XE Unified Threat Defense and Cisco Meraki platforms are scheduled for release in early 2026.

Cisco’s Product Security Incident Response Team reports no known active exploitation of these vulnerabilities. Because the affected component plays a central role in traffic inspection, applying updates promptly is recommended to maintain security visibility and system stability.

Visit Cisco’s official security advisory for additional technical details, affected versions, and update guidance.

