vulnerability
Cisco FTD: CVE-2022-20950: Cisco Firepower Threat Defense Software SIP and Snort 3 Detection Engine Denial of Service Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 9, 2022 | Jan 29, 2025 | Mar 31, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 9, 2022
Added
Jan 29, 2025
Modified
Mar 31, 2026
Description
A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart.
This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition.
Solution
cisco-ftd-upgrade-latest
References
- CVE-2022-20950
- https://attackerkb.com/topics/CVE-2022-20950
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdsnort3sip-dos-A4cHeArC
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-26200
- CISCO-cisco-sa-ftdsnort3sip-dos-A4cHeArC
- CWE-770
- CWE-754
- EUVD-EUVD-2022-26200
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.