PT-2021-4922 · Cisco · Snort 3+1

Published: 2021-10-27 · Updated: 2025-07-07 · CVE-2021-40116

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Firepower Threat Defense (FTD) with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured

Description
The issue is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this by sending a crafted IP packet to the affected device, potentially causing through traffic to be dropped. This could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Recommendations
For Cisco Firepower Threat Defense (FTD) with Snort3 configured, consider disabling the Block with Reset or Interactive Block with Reset actions until a patch is available. Restrict access to devices with Snort3 configured to minimize the risk of exploitation. Avoid using rules with Block with Reset or Interactive Block with Reset actions in Snort3 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: DoS

Weakness Enumeration

Related Identifiers

BDU:2021-05660
CVE-2021-40116

Affected Products

Cisco FTD
Snort 3