PT-2021-5005 · Cisco · Cisco IOS XE SD-WAN +2
Santosh Krishnamurthy · Published 2021-10-27 · Updated 2024-11-26 · CVE-2021-40114
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS XE versions (affected versions not specified)
Cisco Firepower Threat Defense (FTD) versions (affected versions not specified)
Cisco IOS XE SD-WAN versions (affected versions not specified)
Description
The issue is related to improper memory resource management in the Snort detection engine when processing ICMP traffic. This could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device by sending a series of ICMP packets. A successful exploit could allow the attacker to exhaust resources on the affected device, causing it to reload.
Recommendations
For Cisco IOS XE, update to a version that includes the fix for the improper memory resource management issue.
For Cisco Firepower Threat Defense (FTD), consider disabling the Snort detection engine until a patch is available.
For Cisco IOS XE SD-WAN, restrict access to the affected device to minimize the risk of exploitation until a fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Allocation of Resources Without Limits
Memory Leak
Related Identifiers
Affected Products
Cisco FTD
Cisco IOS XE
Cisco IOS XE SD-WAN