7.4
CVE-2026-20004
- EPSS 0.06%
- Veröffentlicht 25.03.2026 16:16:10
- Zuletzt bearbeitet 26.03.2026 15:13:33
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco IOS XE Software
Version
16.9.1
Status
affected
Version
16.9.2
Status
affected
Version
16.9.1a
Status
affected
Version
16.9.1b
Status
affected
Version
16.9.1s
Status
affected
Version
16.9.3
Status
affected
Version
16.9.4
Status
affected
Version
16.9.3a
Status
affected
Version
16.9.5
Status
affected
Version
16.9.5f
Status
affected
Version
16.9.6
Status
affected
Version
16.9.7
Status
affected
Version
16.9.8
Status
affected
Version
16.10.1
Status
affected
Version
16.10.1a
Status
affected
Version
16.10.1b
Status
affected
Version
16.10.1s
Status
affected
Version
16.10.1c
Status
affected
Version
16.10.1e
Status
affected
Version
16.10.1d
Status
affected
Version
16.10.2
Status
affected
Version
16.10.1f
Status
affected
Version
16.10.1g
Status
affected
Version
16.10.3
Status
affected
Version
16.11.1
Status
affected
Version
16.11.1a
Status
affected
Version
16.11.1b
Status
affected
Version
16.11.2
Status
affected
Version
16.11.1s
Status
affected
Version
16.12.1
Status
affected
Version
16.12.1s
Status
affected
Version
16.12.1a
Status
affected
Version
16.12.1c
Status
affected
Version
16.12.1w
Status
affected
Version
16.12.2
Status
affected
Version
16.12.1y
Status
affected
Version
16.12.2a
Status
affected
Version
16.12.3
Status
affected
Version
16.12.8
Status
affected
Version
16.12.2s
Status
affected
Version
16.12.1x
Status
affected
Version
16.12.1t
Status
affected
Version
16.12.4
Status
affected
Version
16.12.3s
Status
affected
Version
16.12.3a
Status
affected
Version
16.12.4a
Status
affected
Version
16.12.5
Status
affected
Version
16.12.6
Status
affected
Version
16.12.1z1
Status
affected
Version
16.12.5a
Status
affected
Version
16.12.5b
Status
affected
Version
16.12.1z2
Status
affected
Version
16.12.6a
Status
affected
Version
16.12.7
Status
affected
Version
16.12.9
Status
affected
Version
16.12.10
Status
affected
Version
16.12.10a
Status
affected
Version
16.12.11
Status
affected
Version
16.12.12
Status
affected
Version
16.12.13
Status
affected
Version
16.12.14
Status
affected
Version
16.12.15
Status
affected
Version
17.1.1
Status
affected
Version
17.1.1a
Status
affected
Version
17.1.1s
Status
affected
Version
17.1.1t
Status
affected
Version
17.1.3
Status
affected
Version
17.2.1
Status
affected
Version
17.2.1r
Status
affected
Version
17.2.1a
Status
affected
Version
17.2.1v
Status
affected
Version
17.2.2
Status
affected
Version
17.2.3
Status
affected
Version
17.3.1
Status
affected
Version
17.3.2
Status
affected
Version
17.3.3
Status
affected
Version
17.3.1a
Status
affected
Version
17.3.1w
Status
affected
Version
17.3.2a
Status
affected
Version
17.3.1x
Status
affected
Version
17.3.1z
Status
affected
Version
17.3.4
Status
affected
Version
17.3.5
Status
affected
Version
17.3.4a
Status
affected
Version
17.3.6
Status
affected
Version
17.3.4b
Status
affected
Version
17.3.4c
Status
affected
Version
17.3.5a
Status
affected
Version
17.3.5b
Status
affected
Version
17.3.7
Status
affected
Version
17.3.8
Status
affected
Version
17.3.8a
Status
affected
Version
17.4.1
Status
affected
Version
17.4.2
Status
affected
Version
17.4.1a
Status
affected
Version
17.4.1b
Status
affected
Version
17.4.2a
Status
affected
Version
17.5.1
Status
affected
Version
17.5.1a
Status
affected
Version
17.6.1
Status
affected
Version
17.6.2
Status
affected
Version
17.6.1w
Status
affected
Version
17.6.1a
Status
affected
Version
17.6.1x
Status
affected
Version
17.6.3
Status
affected
Version
17.6.1y
Status
affected
Version
17.6.1z
Status
affected
Version
17.6.3a
Status
affected
Version
17.6.4
Status
affected
Version
17.6.1z1
Status
affected
Version
17.6.5
Status
affected
Version
17.6.6
Status
affected
Version
17.6.6a
Status
affected
Version
17.6.5a
Status
affected
Version
17.6.7
Status
affected
Version
17.6.8
Status
affected
Version
17.6.8a
Status
affected
Version
17.7.1
Status
affected
Version
17.7.1a
Status
affected
Version
17.7.1b
Status
affected
Version
17.7.2
Status
affected
Version
17.10.1
Status
affected
Version
17.10.1a
Status
affected
Version
17.10.1b
Status
affected
Version
17.8.1
Status
affected
Version
17.8.1a
Status
affected
Version
17.9.1
Status
affected
Version
17.9.1w
Status
affected
Version
17.9.2
Status
affected
Version
17.9.1a
Status
affected
Version
17.9.1x
Status
affected
Version
17.9.1y
Status
affected
Version
17.9.3
Status
affected
Version
17.9.2a
Status
affected
Version
17.9.1x1
Status
affected
Version
17.9.3a
Status
affected
Version
17.9.4
Status
affected
Version
17.9.1y1
Status
affected
Version
17.9.5
Status
affected
Version
17.9.4a
Status
affected
Version
17.9.5a
Status
affected
Version
17.9.5b
Status
affected
Version
17.9.6
Status
affected
Version
17.9.6a
Status
affected
Version
17.9.5e
Status
affected
Version
17.9.5f
Status
affected
Version
17.11.1
Status
affected
Version
17.11.1a
Status
affected
Version
17.12.1
Status
affected
Version
17.12.1w
Status
affected
Version
17.12.1a
Status
affected
Version
17.12.1x
Status
affected
Version
17.12.2
Status
affected
Version
17.12.3
Status
affected
Version
17.12.2a
Status
affected
Version
17.12.1y
Status
affected
Version
17.12.1z
Status
affected
Version
17.12.4
Status
affected
Version
17.12.3a
Status
affected
Version
17.12.1z1
Status
affected
Version
17.12.1z2
Status
affected
Version
17.12.4a
Status
affected
Version
17.12.4b
Status
affected
Version
17.12.1z3
Status
affected
Version
17.12.1z4
Status
affected
Version
17.12.1z5
Status
affected
Version
17.12.1z6
Status
affected
Version
17.13.1
Status
affected
Version
17.13.1a
Status
affected
Version
17.14.1
Status
affected
Version
17.14.1a
Status
affected
Version
17.15.1
Status
affected
Version
17.15.1w
Status
affected
Version
17.15.1a
Status
affected
Version
17.15.1b
Status
affected
Version
17.15.1x
Status
affected
Version
17.15.1z
Status
affected
Version
17.15.1y
Status
affected
Version
17.16.1
Status
affected
Version
17.16.1a
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.175 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-771 Missing Reference to Active Allocated Resource
The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.