CVE-2026-20054— Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Infinite Loop Denial of Service Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20054
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Infinite Loop Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to enter an infinite loop, causing a DoS condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Secure Firewall Threat Defense和Cisco IOS XE Software 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Secure Firewall Threat Defense和Cisco IOS XE Software都是美国思科(Cisco)公司的产品。Cisco Secure Firewall Threat Defense是一个集成式防火墙平台。Cisco IOS XE Software是一种网络操作系统。 Cisco Secure Firewall Threat Defense和Cisco IOS XE Software存在安全漏洞,该漏洞源于解压缩VBA数据时错误检查不当,可能导致未经身份验证的远
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Cyber Vision | 3.0.0 | - | |
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.2.0 | - | |
| Cisco | Cisco UTD SNORT IPS Engine Software | 3.17.1S | - |
II. Public POCs for CVE-2026-20054
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20054
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2026-03-04 · 50 CVEs total
| CVE-2026-20079 | 10.0 CRITICAL | Cisco Secure Firewall Management Center 安全漏洞 |
| CVE-2026-20131 | 10.0 CRITICAL | Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability |
| CVE-2026-20082 | 8.6 HIGH | Cisco Secure Firewall Adaptive Security Appliance 安全漏洞 |
| CVE-2026-20039 | 8.6 HIGH | Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Authentica |
| CVE-2026-20103 | 8.6 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏 |
| CVE-2026-20101 | 8.6 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure FTD Software 安全特征问题漏洞 |
| CVE-2026-20002 | 8.1 HIGH | Cisco Secure Firewall Management Center SQL注入漏洞 |
| CVE-2026-20049 | 7.7 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏 |
| CVE-2026-20100 | 7.7 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏 |
| CVE-2026-20105 | 7.7 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏 |
| CVE-2026-20014 | 7.7 HIGH | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏 |
| CVE-2026-20062 | 7.2 HIGH | Cisco Secure Firewall Adaptive Security Appliance 安全漏洞 |
| CVE-2026-20025 | 6.8 MEDIUM | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 输入验 |
| CVE-2026-20050 | 6.8 MEDIUM | Cisco Secure Firewall Threat Defense Decryption Policy Denial of Service Vulnerability |
| CVE-2026-20020 | 6.8 MEDIUM | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 输入验 |
| CVE-2026-20024 | 6.8 MEDIUM | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 缓冲区 |
| CVE-2026-20001 | 6.5 MEDIUM | Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities |
| CVE-2026-20064 | 6.5 MEDIUM | Cisco Secure Firewall Threat Defense 代码问题漏洞 |
| CVE-2026-20070 | 6.1 MEDIUM | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Softw |
| CVE-2026-20023 | 6.1 MEDIUM | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 缓冲区 |
Showing top 20 of 50 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco Cyber Vision
- CVE-2026-20068
Multiple Cisco Products Snort 3 TBD Denial of Service Vulner - CVE-2026-20067
Multiple Cisco Products Snort 3 TBD Denial of Service Vulner - CVE-2026-20057
Cisco Secure Firewall Threat Defense Software Snort 3 Visual - CVE-2026-20053
Cisco Secure Firewall Threat Defense Software Snort 3 Visual - CVE-2025-20360
Multiple Cisco Products Snort 3 MIME Denial of Service Vulne
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-835
- CVE-2026-42310
Pillow: PDF Parsing Trailer Infinite Loop (DoS) - CVE-2026-41511
OpenMcdf has an Infinite loop DoS via crafted CFB directory - CVE-2026-5407
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6536
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi - CVE-2026-6534
Loop with Unreachable Exit Condition ('Infinite Loop') in Wi
V. Comments for CVE-2026-20054
No comments yet