CVE-2024-20330: 
Cisco Firepower Threat Defense (FTD) vulnerability analysis and mitigation

A vulnerability (CVE-2024-20330) has been identified in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances. This vulnerability was discovered during the resolution of a Cisco TAC support case and was disclosed on October 23, 2024. The affected systems include Cisco Firepower 2100 Series Appliances running vulnerable releases of Cisco FTD Software with a Snort intrusion policy configured (Cisco Advisory).

The vulnerability stems from improper memory management when the Snort detection engine processes specific TCP or UDP packets. It has been assigned a CVSS base score of 8.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The technical issue involves memory corruption that can cause the Snort detection engine to restart unexpectedly (Cisco Advisory).

A successful exploitation of this vulnerability can result in a denial of service (DoS) condition where the Snort detection engine restarts repeatedly. The impact is specifically limited to traffic that is examined by the Snort detection engine, while device management over the network remains accessible. Notably, once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded (Cisco Advisory).

Cisco has released software updates and hot fixes to address this vulnerability. There are no workarounds available. A specific hot fix named 'Cisco_FTD_SSP_FP2K_Hotfix_FJ-7.0.6.4-1.sh.REL.tar' has been released for Cisco FTD Software Release 7.0. Customers with service contracts can obtain security fixes through their usual update channels (Cisco Advisory).