4.3

CVE-2026-20021

EPSS 0.01%
Veröffentlicht 04.03.2026 18:35:06
Zuletzt bearbeitet 16.04.2026 20:36:40
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.

 This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 84 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Adaptive Security Appliance Software Version >= 9.12.1 <= 9.12.4.67

Cisco ≫ Adaptive Security Appliance Software Version >= 9.16.1 <= 9.16.4.85

Cisco ≫ Adaptive Security Appliance Software Version >= 9.17.1 <= 9.17.1.46

Cisco ≫ Adaptive Security Appliance Software Version >= 9.18.1 <= 9.18.4.68

Cisco ≫ Adaptive Security Appliance Software Version >= 9.19.1 <= 9.19.1.42

Cisco ≫ Adaptive Security Appliance Software Version >= 9.20.1 <= 9.20.4.14

Cisco ≫ Adaptive Security Appliance Software Version >= 9.22.1.1 <= 9.22.2.14

Cisco ≫ Adaptive Security Appliance Software Version >= 9.23.1 <= 9.23.1.22

Cisco ≫ Firepower Threat Defense Software Version6.4.0

Cisco ≫ Firepower Threat Defense Software Version6.4.0.1

Cisco ≫ Firepower Threat Defense Software Version6.4.0.2

Cisco ≫ Firepower Threat Defense Software Version6.4.0.3

Cisco ≫ Firepower Threat Defense Software Version6.4.0.4

Cisco ≫ Firepower Threat Defense Software Version6.4.0.5

Cisco ≫ Firepower Threat Defense Software Version6.4.0.6

Cisco ≫ Firepower Threat Defense Software Version6.4.0.7

Cisco ≫ Firepower Threat Defense Software Version6.4.0.8

Cisco ≫ Firepower Threat Defense Software Version6.4.0.9

Cisco ≫ Firepower Threat Defense Software Version6.4.0.10

Cisco ≫ Firepower Threat Defense Software Version6.4.0.11

Cisco ≫ Firepower Threat Defense Software Version6.4.0.12

Cisco ≫ Firepower Threat Defense Software Version6.4.0.13

Cisco ≫ Firepower Threat Defense Software Version6.4.0.14

Cisco ≫ Firepower Threat Defense Software Version6.4.0.15

Cisco ≫ Firepower Threat Defense Software Version6.4.0.16

Cisco ≫ Firepower Threat Defense Software Version6.4.0.17

Cisco ≫ Firepower Threat Defense Software Version6.4.0.18

Cisco ≫ Firepower Threat Defense Software Version7.0.0

Cisco ≫ Firepower Threat Defense Software Version7.0.0.1

Cisco ≫ Firepower Threat Defense Software Version7.0.1

Cisco ≫ Firepower Threat Defense Software Version7.0.1.1

Cisco ≫ Firepower Threat Defense Software Version7.0.2

Cisco ≫ Firepower Threat Defense Software Version7.0.2.1

Cisco ≫ Firepower Threat Defense Software Version7.0.3

Cisco ≫ Firepower Threat Defense Software Version7.0.4

Cisco ≫ Firepower Threat Defense Software Version7.0.5

Cisco ≫ Firepower Threat Defense Software Version7.0.6

Cisco ≫ Firepower Threat Defense Software Version7.0.6.1

Cisco ≫ Firepower Threat Defense Software Version7.0.6.2

Cisco ≫ Firepower Threat Defense Software Version7.0.6.3

Cisco ≫ Firepower Threat Defense Software Version7.0.7

Cisco ≫ Firepower Threat Defense Software Version7.0.8

Cisco ≫ Firepower Threat Defense Software Version7.0.8.1

Cisco ≫ Firepower Threat Defense Software Version7.1.0

Cisco ≫ Firepower Threat Defense Software Version7.1.0.1

Cisco ≫ Firepower Threat Defense Software Version7.1.0.2

Cisco ≫ Firepower Threat Defense Software Version7.1.0.3

Cisco ≫ Firepower Threat Defense Software Version7.2.0

Cisco ≫ Firepower Threat Defense Software Version7.2.0.1

Cisco ≫ Firepower Threat Defense Software Version7.2.1

Cisco ≫ Firepower Threat Defense Software Version7.2.2

Cisco ≫ Firepower Threat Defense Software Version7.2.3

Cisco ≫ Firepower Threat Defense Software Version7.2.4

Cisco ≫ Firepower Threat Defense Software Version7.2.4.1

Cisco ≫ Firepower Threat Defense Software Version7.2.5

Cisco ≫ Firepower Threat Defense Software Version7.2.5.1

Cisco ≫ Firepower Threat Defense Software Version7.2.5.2

Cisco ≫ Firepower Threat Defense Software Version7.2.6

Cisco ≫ Firepower Threat Defense Software Version7.2.7

Cisco ≫ Firepower Threat Defense Software Version7.2.8

Cisco ≫ Firepower Threat Defense Software Version7.2.8.1

Cisco ≫ Firepower Threat Defense Software Version7.2.9

Cisco ≫ Firepower Threat Defense Software Version7.2.10

Cisco ≫ Firepower Threat Defense Software Version7.2.10.2

Cisco ≫ Firepower Threat Defense Software Version7.3.0

Cisco ≫ Firepower Threat Defense Software Version7.3.1

Cisco ≫ Firepower Threat Defense Software Version7.3.1.1

Cisco ≫ Firepower Threat Defense Software Version7.3.1.2

Cisco ≫ Firepower Threat Defense Software Version7.4.0

Cisco ≫ Firepower Threat Defense Software Version7.4.1

Cisco ≫ Firepower Threat Defense Software Version7.4.1.1

Cisco ≫ Firepower Threat Defense Software Version7.4.2

Cisco ≫ Firepower Threat Defense Software Version7.4.2.1

Cisco ≫ Firepower Threat Defense Software Version7.4.2.2

Cisco ≫ Firepower Threat Defense Software Version7.4.2.3

Cisco ≫ Firepower Threat Defense Software Version7.4.2.4

Cisco ≫ Firepower Threat Defense Software Version7.4.3

Cisco ≫ Firepower Threat Defense Software Version7.6.0

Cisco ≫ Firepower Threat Defense Software Version7.6.1

Cisco ≫ Firepower Threat Defense Software Version7.6.2

Cisco ≫ Firepower Threat Defense Software Version7.6.2.1

Cisco ≫ Firepower Threat Defense Software Version7.7.0

Cisco ≫ Firepower Threat Defense Software Version7.7.10

Cisco ≫ Firepower Threat Defense Software Version7.7.10.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-20021

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20021

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20021

EUVD