CVE-2026-20106

Published Mar 4, 2026

Last updated a month ago

CVSS medium 5.3

Overview

Description: A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
Source: psirt@cisco.com
NVD status: Analyzed
Products: adaptive_security_appliance_software, firepower_threat_defense_software

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "74292810-417D-42CC-9123-55166145E91D",
            "versionEndExcluding": "9.16.4.85",
            "versionStartIncluding": "9.12.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7EFC1809-7619-43ED-80FD-0FC28C876879",
            "versionEndExcluding": "9.18.4.66",
            "versionStartIncluding": "9.17.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4988A136-196A-448B-A416-992803647AB2",
            "versionEndExcluding": "9.20.4",
            "versionStartIncluding": "9.19.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "55B05CD4-4849-471F-ACC5-0E0478568A2D",
            "versionEndExcluding": "9.22.2.4",
            "versionStartIncluding": "9.22.1.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "61AA6D92-28AC-41E2-8CD3-F7094A079D65",
            "versionEndExcluding": "9.23.1.7",
            "versionStartIncluding": "9.23.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A02019B1-284B-4118-A544-9AA56216E741",
            "versionEndExcluding": "7.0.9",
            "versionStartIncluding": "6.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3DA98A98-A084-4DB0-B08F-33EB6C8607C0",
            "versionEndExcluding": "7.2.11",
            "versionStartIncluding": "7.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "737DB8CE-EC0B-4221-A8BF-3E64702DE092",
            "versionEndExcluding": "7.4.3",
            "versionStartIncluding": "7.3.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "26A29A1A-8013-4CE1-8DE5-4C82778A1D96",
            "versionEndExcluding": "7.6.4",
            "versionStartIncluding": "7.6.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A267F3D1-7449-4622-91AB-F9CA2DDDB61E",
            "versionEndExcluding": "7.7.11",
            "versionStartIncluding": "7.7.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References