cvebase

Cisco Adaptive Security Appliance Software vulnerabilities

315 known vulnerabilities affecting cisco/adaptive_security_appliance_software.

Total CVEs: 315
CISA KEV: 12 (actively exploited)
Public exploits: 13
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 179, MEDIUM 120, LOW 1

Vulnerabilities

Page 1 of 16
CVE-2026-20082 | HIGH | CVSS 8.6 | ≥ 9.20.4.14, < 9.20.4.19 | 2026-03-04
[CWE-772] A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to manageme
Source: nvd
CVE-2026-20100 | HIGH | CVSS 7.7 | v9.12.1, v9.12.1.2, +145 more | 2026-03-04
[CWE-120] A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) co
Source: nvd
CVE-2026-20020 | MEDIUM | CVSS 5.7 | v9.12.1, v9.12.1.2, +145 more | 2026-03-04
[CWE-20] A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulner
Source: nvd
CVE-2026-20022 | MEDIUM | CVSS 6.5 | v9.12.1, v9.12.1.2, +161 more | 2026-03-04
[CWE-823] A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to
Source: nvd
CVE-2026-20070 | MEDIUM | CVSS 6.1 | v9.12.1, v9.12.1.2, +159 more | 2026-03-04
[CWE-80] A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due
Source: nvd
CVE-2026-20023 | MEDIUM | CVSS 6.5 | v9.12.1, v9.12.1.2, +157 more | 2026-03-04
[CWE-787] A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to memory corruption wh
Source: nvd
CVE-2026-20073 | MEDIUM | CVSS 5.8 | v9.12.1, v9.12.1.2, +156 more | 2026-03-04
[CWE-284] A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error handling when an affected device that is joining a c
Source: nvd
CVE-2026-20069 | MEDIUM | CVSS 4.3 | ≥ 9.12.1, < 9.16.4.85; ≥ 9.17.1, < 9.18.4.66; +3 more | 2026-03-04
[CWE-444] A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of HTTP r
Source: nvd
CVE-2026-20024 | MEDIUM | CVSS 5.7 | v-9.12.1, v9.12.1.2, +139 more | 2026-03-04
[CWE-119] A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to heap corrupt
Source: nvd
CVE-2025-20333 | CRITICAL | CVSS 9.9 | KEV | ≥ 9.12, < 9.12.4.72; ≥ 9.14, < 9.14.4.28; +6 more | 2025-09-25
[CWE-120] A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests.
Source: nvd
CVE-2025-20363 | CRITICAL | CVSS 9.0 | ≥ 9.12, < 9.12.4.72; ≥ 9.14, < 9.14.4.28; +6 more | 2025-09-25
[CWE-122] A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS,
Source: nvd
CVE-2025-20362 | HIGH | CVSS 8.6 | KEV | PoC | ≥ 9.12, < 9.12.4.72; ≥ 9.14, < 9.14.4.28; +5 more | 2025-09-25
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all
Source: nvd
CVE-2025-20127 | HIGH | CVSS 7.7 | v9.20.1, v9.20.1.5, +8 more | 2025-08-14
[CWE-404] A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 co
Source: nvd
CVE-2025-20182 | HIGH | CVSS 8.6 | v9.8.1, v9.8.1.5, +191 more | 2025-05-07
[CWE-787] A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vu
Source: nvd
CVE-2020-27124 | HIGH | CVSS 8.6 | v9.13.1.12, v9.13.1.13, +1 more | 2024-11-18
[CWE-457] A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit
Source: nvd
CVE-2024-20329 | CRITICAL | CVSS 9.9 | v9.17.1, v9.17.1.7, +25 more | 2024-10-23
[CWE-146] A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI
Source: nvd
CVE-2024-20268 | HIGH | CVSS 7.7 | v9.14.1, v9.14.1.6, +95 more | 2024-10-23
[CWE-231] A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker
Source: nvd
CVE-2024-20408 | HIGH | CVSS 7.7 | v9.8.1, v9.8.1.5, +193 more | 2024-10-23
[CWE-1287] A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credenti
Source: nvd
CVE-2024-20494 | HIGH | CVSS 8.6 | v9.19.1, v9.19.1.5, +15 more | 2024-10-23
[CWE-1287] A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper data validation
Source: nvd
CVE-2024-20495 | HIGH | CVSS 8.6 | v9.8.4.12, v9.8.4.15, +128 more | 2024-10-23
[CWE-20] A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper v
Source: nvd