5.8
CVE-2026-20015
- EPSS 0.14%
- Veröffentlicht 04.03.2026 17:21:37
- Zuletzt bearbeitet 16.04.2026 20:02:10
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network. This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Adaptive Security Appliance Software Version >= 9.18.1 < 9.18.4.71
Cisco ≫ Adaptive Security Appliance Software Version >= 9.19.1 < 9.20.4.10
Cisco ≫ Adaptive Security Appliance Software Version >= 9.22.1.1 < 9.22.2.13
Cisco ≫ Adaptive Security Appliance Software Version >= 9.23.1 < 9.23.1.19
Cisco ≫ Firepower Threat Defense Software Version >= 7.2.0 < 7.2.11
Cisco ≫ Firepower Threat Defense Software Version >= 7.3.0 < 7.4.3
Cisco ≫ Firepower Threat Defense Software Version >= 7.6.0 < 7.6.4
Cisco ≫ Firepower Threat Defense Software Version >= 7.7.0 < 7.7.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.332 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.