{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T11:01:40.536","vulnerabilities":[{"cve":{"id":"CVE-2026-20007","sourceIdentifier":"psirt@cisco.com","published":"2026-03-04T18:16:14.063","lastModified":"2026-03-05T19:39:11.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped.\r\n\r\nThis vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied."},{"lang":"es","value":"Una vulnerabilidad en la inspección profunda de paquetes de Snort 2 y Snort 3 del software Cisco Secure Cortafuegos Defensa contra Amenazas (FTD) podría permitir a un atacante remoto no autenticado eludir las reglas de Snort configuradas y permitir tráfico en la red que debería haber sido descartado.\n\nEsta vulnerabilidad se debe a un error de lógica en la integración de las reglas del motor Snort con el software Cisco Secure FTD que podría permitir que se activen diferentes reglas de Snort cuando se realiza la inspección profunda del paquete para las conexiones internas y externas. Un atacante podría explotar esta vulnerabilidad enviando tráfico manipulado a un dispositivo objetivo que activaría las reglas de Snort configuradas. Un exploit exitoso podría permitir al atacante enviar tráfico a una red donde debería haber sido denegado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-bypass-rLggKzVF","source":"psirt@cisco.com"}]}}]}