Multiple Cisco Products Snort 3 Visual Basic for Applications Denial of Service Vulnerabilities
Summary
Multiple Cisco products are affected by vulnerabilities in the Snort 3 Visual Basic for Applications (VBA) Decompression Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities. This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA,…
- Scope: For information about which products were affected by these vulnerabilities at the time of publication, see the following sections. Open Source Snort 3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- There is a workaround that addresses these vulnerabilities.
- The vulnerabilities described in this advisory are due to VBA decompression, which is not enabled by default for any Snort 3 Inspector. If VBA decompression is disabled until the device can be upgraded to a fixed software release, the device will not be affected by these vulnerabilities. For further details on how to remove the VBA configuration, see the following references:
- Firewall Management Center Features in Version 7.2.0
- Snort 3 Inspector Reference
- Cisco Secure Firewall Management Center Snort 3 Configuration Guide, Version 7.2
- While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer depl…
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.