CVE-2026-20049 — Incorrect Calculation of Buffer Size in Cisco Secure Firewall Adaptive Security Appliance Software

CWE-131 — Incorrect Calculation of Buffer Size4 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.2%

top 60.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Adaptive Security Appliance Software Cisco Secure Firewall Threat Defense Software

Timeline

PublishedMar 4

Latest updateMar 5

Description

A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_secure_firewall_adaptive_security_appliance_software131 versions+130

▶CVEListV5cisco/cisco_secure_firewall_threat_defense_software65 versions+64

🔴Vulnerability Details

GHSA

GHSA-4wgv-wwff-cw37: A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewal↗2026-03-04

▶

CVEList

CVE-2026-20049: A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewal↗2026-03-04

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability↗2026-03-05

▶