Vulnerability-Lookup

GHSA-6WJ9-H5WQ-GM77

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31

Details

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.

This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-20053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T18:16:19Z",
    "severity": "MODERATE"
  },
  "details": "Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.\n\nThis vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.",
  "id": "GHSA-6wj9-h5wq-gm77",
  "modified": "2026-03-04T18:31:55Z",
  "published": "2026-03-04T18:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20053"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2026-20053 (GCVE-0-2026-20053)

Vulnerability from cvelistv5 – Published: 2026-03-04 17:46 – Updated: 2026-03-04 21:25

Title

Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability

Summary

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco Cyber Vision

Affected: 3.0.0
Affected: 3.0.2
Affected: 3.0.3
Affected: 3.0.1
Affected: 3.1.0
Affected: 3.0.4
Affected: 3.1.1
Affected: 3.1.2
Affected: 3.2.0
Affected: 3.0.5
Affected: 3.2.1
Affected: 3.0.6
Affected: 3.2.2
Affected: 3.2.3
Affected: 3.2.4
Affected: 4.0.0
Affected: 4.0.1
Affected: 4.0.2
Affected: 4.0.3
Affected: 4.1.0
Affected: 4.1.1
Affected: 4.1.2
Affected: 4.1.3
Affected: 4.1.4
Affected: 4.2.0
Affected: 4.2.1
Affected: 4.1.5
Affected: 4.2.2
Affected: 4.2.X
Affected: 4.2.3
Affected: 4.2.4
Affected: 4.2.6
Affected: 4.1.6
Affected: 4.3.0
Affected: 4.3.1
Affected: 4.3.2
Affected: 4.3.3
Affected: 4.4.0
Affected: 4.4.1
Affected: 4.4.2
Affected: 4.4.3
Affected: 4.1.7
Affected: 5.0.0
Affected: 5.0.1
Affected: 5.0.2
Affected: 5.1.0
Affected: 5.1.1
Affected: 5.1.2
Affected: 5.1.3
Affected: 5.2.0
Affected: 5.2.1
Affected: 5.3.0
Affected: 5.3.1
Affected: 5.3.2

	Cisco	Cisco Secure Firewall Threat Defense (FTD) Software	Affected: 7.2.0 Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.3.0 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.3.1 Affected: 7.2.4 Affected: 7.2.5 Affected: 7.2.4.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 7.2.5.1 Affected: 7.4.1 Affected: 7.2.6 Affected: 7.4.1.1 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.3.1.2 Affected: 7.2.8 Affected: 7.6.0 Affected: 7.4.2 Affected: 7.2.8.1 Affected: 7.4.2.1 Affected: 7.2.9 Affected: 7.7.0 Affected: 7.4.2.2 Affected: 7.2.10 Affected: 7.6.1 Affected: 7.4.2.3 Affected: 7.6.2 Affected: 7.7.10 Affected: 7.6.2.1 Affected: 7.7.10.1 Affected: 7.4.2.4 Affected: 7.2.10.2 Affected: 7.4.3
	Cisco	Cisco UTD SNORT IPS Engine Software	Affected: 17.12.1a Affected: 17.9.4 Affected: 17.12.2 Affected: 17.13.1a Affected: 17.12.3 Affected: 17.14.1a Affected: 17.12.4 Affected: 17.12.3a Affected: 17.15.1a Affected: 17.16.1a Affected: 17.9.5e Affected: 17.12.4a Affected: 17.15.2c Affected: 17.12.4b Affected: 17.15.2a Affected: 17.12.5 Affected: 17.17.1 Affected: 17.12.5a Affected: 17.15.3a Affected: 17.15.3 Affected: 17.12.5b Affected: 17.12.5c Affected: 17.15.4 Affected: 17.18.1 Affected: 17.18.1a Affected: 17.12.6 Affected: 17.15.4c Affected: 17.12.5d Affected: 17.18.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T21:24:52.682489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T21:25:01.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Cyber Vision",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.3"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.0.6"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "3.2.4"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "4.0.1"
            },
            {
              "status": "affected",
              "version": "4.0.2"
            },
            {
              "status": "affected",
              "version": "4.0.3"
            },
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "4.1.3"
            },
            {
              "status": "affected",
              "version": "4.1.4"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "status": "affected",
              "version": "4.2.1"
            },
            {
              "status": "affected",
              "version": "4.1.5"
            },
            {
              "status": "affected",
              "version": "4.2.2"
            },
            {
              "status": "affected",
              "version": "4.2.X"
            },
            {
              "status": "affected",
              "version": "4.2.3"
            },
            {
              "status": "affected",
              "version": "4.2.4"
            },
            {
              "status": "affected",
              "version": "4.2.6"
            },
            {
              "status": "affected",
              "version": "4.1.6"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "status": "affected",
              "version": "4.3.2"
            },
            {
              "status": "affected",
              "version": "4.3.3"
            },
            {
              "status": "affected",
              "version": "4.4.0"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.4.3"
            },
            {
              "status": "affected",
              "version": "4.1.7"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            },
            {
              "status": "affected",
              "version": "5.1.1"
            },
            {
              "status": "affected",
              "version": "5.1.2"
            },
            {
              "status": "affected",
              "version": "5.1.3"
            },
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.2.1"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.3.1"
            },
            {
              "status": "affected",
              "version": "5.3.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Firewall Threat Defense (FTD) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            },
            {
              "status": "affected",
              "version": "7.7.0"
            },
            {
              "status": "affected",
              "version": "7.4.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.10"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.10"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.7.10.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.10.2"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco UTD SNORT IPS Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.13.1a"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.14.1a"
            },
            {
              "status": "affected",
              "version": "17.12.4"
            },
            {
              "status": "affected",
              "version": "17.12.3a"
            },
            {
              "status": "affected",
              "version": "17.15.1a"
            },
            {
              "status": "affected",
              "version": "17.16.1a"
            },
            {
              "status": "affected",
              "version": "17.9.5e"
            },
            {
              "status": "affected",
              "version": "17.12.4a"
            },
            {
              "status": "affected",
              "version": "17.15.2c"
            },
            {
              "status": "affected",
              "version": "17.12.4b"
            },
            {
              "status": "affected",
              "version": "17.15.2a"
            },
            {
              "status": "affected",
              "version": "17.12.5"
            },
            {
              "status": "affected",
              "version": "17.17.1"
            },
            {
              "status": "affected",
              "version": "17.12.5a"
            },
            {
              "status": "affected",
              "version": "17.15.3a"
            },
            {
              "status": "affected",
              "version": "17.15.3"
            },
            {
              "status": "affected",
              "version": "17.12.5b"
            },
            {
              "status": "affected",
              "version": "17.12.5c"
            },
            {
              "status": "affected",
              "version": "17.15.4"
            },
            {
              "status": "affected",
              "version": "17.18.1"
            },
            {
              "status": "affected",
              "version": "17.18.1a"
            },
            {
              "status": "affected",
              "version": "17.12.6"
            },
            {
              "status": "affected",
              "version": "17.15.4c"
            },
            {
              "status": "affected",
              "version": "17.12.5d"
            },
            {
              "status": "affected",
              "version": "17.18.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.\r\n\r\nThis vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T17:46:58.213Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-snort3-vbavuls-96UcVVed",
        "defects": [
          "CSCwq23373"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20053",
    "datePublished": "2026-03-04T17:46:58.213Z",
    "dateReserved": "2025-10-08T11:59:15.355Z",
    "dateUpdated": "2026-03-04T21:25:01.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-6WJ9-H5WQ-GM77

CVE-2026-20053 (GCVE-0-2026-20053)

Tags

Sightings

Nomenclature