CVE-2022-20950: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2022-20950) was identified in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software. The vulnerability was first published on November 9, 2022, and affects FTD Software running Release 7.2.0 or 7.2.0.1 with Snort 3 detection engine configured with SIP inspection policy. This security flaw received a CVSS base score of 5.8 (Medium) (Cisco Advisory).

The vulnerability stems from a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. The issue is tracked as CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-754 (Improper Check for Unusual or Exceptional Conditions). The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

A successful exploitation of this vulnerability results in a denial of service (DoS) condition by causing the Snort 3 detection engine to restart. This can disrupt the normal operation of the affected Cisco FTD device's security inspection capabilities (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available for this vulnerability. The vulnerability was discovered during the resolution of a Cisco TAC support case (Cisco Advisory).