Cisco Secure Firewall Adaptive Security Appliance Software vulnerabilities

CVE-2026-20012 [HIGH] CWE-401 CVE-2026-20012: A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) co

CVE-2026-20062 [HIGH] CWE-279 CVE-2026-20062: A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in mu A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This vulnerability is due to improper access controls for Secure Copy

CVE-2026-20105 [HIGH] CWE-401 CVE-2026-20105: A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Securit A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory resulting in a denial of service (DoS) condition.This does not affect the man

CVE-2026-20014 [HIGH] CWE-401 CVE-2026-20014: A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the imp

CVE-2026-20049 [HIGH] CWE-131 CVE-2026-20049: A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange versi A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affec

CVE-2026-20103 [HIGH] CWE-770 CVE-2026-20103: A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Securit A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This does no

CVE-2026-20100 [HIGH] CWE-120 CVE-2026-20100: A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) co

CVE-2026-20039 [HIGH] CWE-244 CVE-2026-20039: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Sof A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective memory management of the VPN web

CVE-2026-20082 [HIGH] CWE-772 CVE-2026-20082: A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to manageme

CVE-2026-20101 [HIGH] CWE-330 CVE-2026-20101: A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software a A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could ex

CVE-2026-20009 [MEDIUM] CWE-138 CVE-2026-20009: A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific user. This vulnerability is due to insufficient va

CVE-2026-20102 [MEDIUM] CWE-79 CVE-2026-20102: A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software a A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due t

CVE-2026-20013 [MEDIUM] CWE-401 CVE-2026-20013: A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to memory exhaustion caused by not fre

CVE-2026-20025 [MEDIUM] CWE-190 CVE-2026-20025: A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to insufficient

CVE-2026-20106 [MEDIUM] CWE-401 CVE-2026-20106: A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.

CVE-2026-20015 [MEDIUM] CWE-401 CVE-2026-20015: A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network. This vulnerability is due to a memory leak when parsing IKEv2 packets

CVE-2026-20023 [MEDIUM] CWE-787 CVE-2026-20023: A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to memory corruption wh

CVE-2026-20020 [MEDIUM] CWE-20 CVE-2026-20020: A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulner

CVE-2026-20021 [MEDIUM] CWE-401 CVE-2026-20021: A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improperly validating

CVE-2026-20022 [MEDIUM] CWE-823 CVE-2026-20022: A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Soft A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to