CVE-2026-20058

MEDIUM

5.8

Descricao

Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit these vulnerabilities by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart, causing a DoS condition.

Detalhes CVE

Pontuacao CVSS v3.15.8

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/4/2026

Ultima modificacao3/5/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-786

Referencias

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed(psirt@cisco.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.