CVE-2023-20031: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2023-20031) was discovered in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software. The vulnerability was disclosed on November 1, 2023, and affects Cisco FTD Software running Snort 3 with either TLS server identity discovery enabled or an SSL policy configured (Cisco Advisory).

The vulnerability stems from a logic error that occurs when an SSL/TLS certificate under load is accessed during SSL connection initiation. It has been assigned a CVSS Base Score of 4.0 MEDIUM (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). The vulnerability requires specific time-based constraints to be exploited (Cisco Advisory).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically without requiring manual intervention (Cisco Advisory).

Cisco has released software updates that address this vulnerability. Additionally, there are workarounds available: users can either revert to Snort 2, or if remaining on Snort 3, disable both TLS server identity discovery and any configured decryption policy. It's important to note that if either is enabled, the device remains vulnerable (Cisco Advisory).