CVE-2026-20103

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::
	cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:firepower_threat_defense_software::::::::
	cpe:2.3:a:cisco:firepower_threat_defense_software::::::::
	cpe:2.3:a:cisco:firepower_threat_defense_software::::::::
	cpe:2.3:a:cisco:firepower_threat_defense_software::::::::
	cpe:2.3:a:cisco:firepower_threat_defense_software::::::::

History

16 Apr 2026, 20:28

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en la funcionalidad de VPN SSL de Acceso Remoto de Cisco Secure Firewall Adaptive Security Appliance (ASA) Software y Secure Firewall Threat Defense (FTD) Software podría permitir a un atacante remoto no autenticado agotar la memoria del dispositivo, lo que resultaría en una condición de denegación de servicio (DoS) para nuevas conexiones VPN SSL de Acceso Remoto. Esto no afecta la interfaz de gestión, aunque podría dejar de responder temporalmente. Esta vulnerabilidad se debe a confiar en la entrada del usuario sin validación. Un atacante podría explotar esta vulnerabilidad enviando paquetes manipulados al servidor VPN SSL de Acceso Remoto. Un exploit exitoso podría permitir al atacante hacer que la interfaz web del dispositivo deje de responder, lo que resultaría en una condición de DoS.
First Time		Cisco firepower Threat Defense Software Cisco Cisco adaptive Security Appliance Software
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC - Vendor Advisory
CPE		cpe:2.3:a:cisco:firepower_threat_defense_software:::::::: cpe:2.3:o:cisco:adaptive_security_appliance_software::::::::

04 Mar 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-04 18:16

Updated : 2026-04-16 20:28

NVD link : CVE-2026-20103

Mitre link : CVE-2026-20103

CVE.ORG link : CVE-2026-20103

JSON object : View

Products Affected

cisco

firepower_threat_defense_software
adaptive_security_appliance_software

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

8.6 /10