Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 4, 2026

Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TLS with Snort 3 Denial of Service Vulnerability

CVE-2026-20006

Description

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition. Note: TLS 1.3 is not affected by this vulnerability.

Affected products

Cisco Systems, Inc./Cisco Secure Firewall Threat Defense (FTD) Softwarellm-fuzzy
Cisco Systems, Inc./Snort 3 Detection Enginellm-fuzzy
Cisco/Cisco Secure Firewall Threat Defense (FTD) Softwarev5
Range: 7.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRgmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000