CVE-2026-20007 — Vulnetix

CVE-2026-20007 PUBLISHED CVSS 5.800000190734863 MEDIUM

A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped. This vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied.

EPSS 0.03% · 10.4th percentile

Risk Scores

CVSS 3.1

5.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Score

0.03%

10.4th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Secure Firewall Threat Defense (FTD) Software	7.3.0, 6.4.0.1, 6.4.0.2

Exploit Intelligence

cisco-sa-ftd-snort-bypass-rLggKzVF (circl)

Timeline

Oct 8, 2025 CVE ID Reserved
Mar 4, 2026 CVE Published
Mar 4, 2026 CVE Updated
Mar 5, 2026 EPSS Score
Mar 6, 2026 EPSS Score
Mar 7, 2026 EPSS Score
Mar 9, 2026 EPSS Score
Mar 10, 2026 EPSS Score
Mar 11, 2026 EPSS Score
Mar 12, 2026 EPSS Score
Mar 14, 2026 EPSS Score
Mar 15, 2026 EPSS Score

References

Open in Interactive Console →