CVE-2026-20039

Warnung

EPSS 0.15%
Veröffentlicht 04.03.2026 17:17:49
Zuletzt bearbeitet 05.03.2026 19:39:11
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Default Statusunknown

Version 9.12.3

Status affected

Version 9.12.1

Status affected

Version 9.12.2

Status affected

Version 9.12.4

Status affected

Version 9.12.3.2

Status affected

Version 9.12.3.7

Status affected

Version 9.12.2.5

Status affected

Version 9.12.3.12

Status affected

Version 9.12.1.3

Status affected

Version 9.12.2.4

Status affected

Version 9.12.1.2

Status affected

Version 9.12.2.9

Status affected

Version 9.12.3.9

Status affected

Version 9.12.2.1

Status affected

Version 9.12.4.2

Status affected

Version 9.12.4.4

Status affected

Version 9.12.4.7

Status affected

Version 9.12.4.8

Status affected

Version 9.12.4.10

Status affected

Version 9.12.4.13

Status affected

Version 9.12.4.18

Status affected

Version 9.12.4.24

Status affected

Version 9.16.1

Status affected

Version 9.12.4.26

Status affected

Version 9.16.1.28

Status affected

Version 9.12.4.29

Status affected

Version 9.16.2

Status affected

Version 9.12.4.30

Status affected

Version 9.16.2.3

Status affected

Version 9.12.4.35

Status affected

Version 9.16.2.7

Status affected

Version 9.12.4.37

Status affected

Version 9.17.1

Status affected

Version 9.16.2.11

Status affected

Version 9.16.2.13

Status affected

Version 9.12.4.39

Status affected

Version 9.12.4.38

Status affected

Version 9.16.2.14

Status affected

Version 9.17.1.7

Status affected

Version 9.12.4.40

Status affected

Version 9.16.3.3

Status affected

Version 9.16.3

Status affected

Version 9.16.3.14

Status affected

Version 9.17.1.9

Status affected

Version 9.12.4.41

Status affected

Version 9.17.1.10

Status affected

Version 9.18.1

Status affected

Version 9.12.4.47

Status affected

Version 9.16.3.15

Status affected

Version 9.18.1.3

Status affected

Version 9.17.1.11

Status affected

Version 9.12.4.48

Status affected

Version 9.18.2

Status affected

Version 9.16.3.19

Status affected

Version 9.17.1.13

Status affected

Version 9.12.4.50

Status affected

Version 9.17.1.15

Status affected

Version 9.12.4.52

Status affected

Version 9.16.3.23

Status affected

Version 9.18.2.5

Status affected

Version 9.16.4

Status affected

Version 9.12.4.54

Status affected

Version 9.17.1.20

Status affected

Version 9.18.2.7

Status affected

Version 9.19.1

Status affected

Version 9.16.4.9

Status affected

Version 9.12.4.55

Status affected

Version 9.18.2.8

Status affected

Version 9.16.4.14

Status affected

Version 9.18.3

Status affected

Version 9.19.1.5

Status affected

Version 9.12.4.56

Status affected

Version 9.17.1.30

Status affected

Version 9.19.1.9

Status affected

Version 9.18.3.39

Status affected

Version 9.16.4.19

Status affected

Version 9.12.4.58

Status affected

Version 9.19.1.12

Status affected

Version 9.18.3.46

Status affected

Version 9.16.4.27

Status affected

Version 9.19.1.18

Status affected

Version 9.18.3.53

Status affected

Version 9.18.3.55

Status affected

Version 9.16.4.38

Status affected

Version 9.17.1.33

Status affected

Version 9.12.4.62

Status affected

Version 9.16.4.39

Status affected

Version 9.18.3.56

Status affected

Version 9.20.1

Status affected

Version 9.16.4.42

Status affected

Version 9.19.1.22

Status affected

Version 9.18.4

Status affected

Version 9.20.1.5

Status affected

Version 9.18.4.5

Status affected

Version 9.19.1.24

Status affected

Version 9.16.4.48

Status affected

Version 9.18.4.8

Status affected

Version 9.20.2

Status affected

Version 9.19.1.27

Status affected

Version 9.12.4.65

Status affected

Version 9.16.4.55

Status affected

Version 9.18.4.22

Status affected

Version 9.20.2.10

Status affected

Version 9.16.4.57

Status affected

Version 9.19.1.28

Status affected

Version 9.17.1.39

Status affected

Version 9.12.4.67

Status affected

Version 9.18.4.24

Status affected

Version 9.20.2.21

Status affected

Version 9.16.4.61

Status affected

Version 9.19.1.31

Status affected

Version 9.18.4.29

Status affected

Version 9.20.2.22

Status affected

Version 9.16.4.62

Status affected

Version 9.18.4.34

Status affected

Version 9.20.3

Status affected

Version 9.16.4.67

Status affected

Version 9.16.4.70

Status affected

Version 9.18.4.40

Status affected

Version 9.23.1

Status affected

Version 9.22.1.1

Status affected

Version 9.16.4.71

Status affected

Version 9.20.3.4

Status affected

Version 9.18.4.47

Status affected

Version 9.20.3.7

Status affected

Version 9.17.1.45

Status affected

Version 9.19.1.37

Status affected

Version 9.17.1.46

Status affected

Version 9.16.4.76

Status affected

Version 9.20.3.9

Status affected

Version 9.19.1.38

Status affected

Version 9.18.4.50

Status affected

Version 9.22.1.3

Status affected

Version 9.20.3.10

Status affected

Version 9.22.1.2

Status affected

Version 9.18.4.52

Status affected

Version 9.20.3.13

Status affected

Version 9.22.1.6

Status affected

Version 9.18.4.53

Status affected

Version 9.16.4.82

Status affected

Version 9.22.2

Status affected

Version 9.19.1.42

Status affected

HerstellerCisco

≫

Produkt Cisco Secure Firewall Threat Defense (FTD) Software

Default Statusunknown

Version 6.4.0.1

Status affected

Version 6.4.0.2

Status affected

Version 6.4.0.5

Status affected

Version 6.4.0

Status affected

Version 6.4.0.3

Status affected

Version 6.4.0.4

Status affected

Version 6.4.0.6

Status affected

Version 6.4.0.7

Status affected

Version 6.4.0.8

Status affected

Version 6.4.0.9

Status affected

Version 6.4.0.10

Status affected

Version 6.4.0.11

Status affected

Version 6.4.0.12

Status affected

Version 7.0.0

Status affected

Version 7.0.0.1

Status affected

Version 7.0.1

Status affected

Version 7.1.0

Status affected

Version 6.4.0.13

Status affected

Version 7.0.1.1

Status affected

Version 6.4.0.14

Status affected

Version 7.1.0.1

Status affected

Version 7.0.2

Status affected

Version 6.4.0.15

Status affected

Version 7.2.0

Status affected

Version 7.0.2.1

Status affected

Version 7.0.3

Status affected

Version 7.1.0.2

Status affected

Version 7.2.0.1

Status affected

Version 7.0.4

Status affected

Version 7.2.1

Status affected

Version 7.0.5

Status affected

Version 6.4.0.16

Status affected

Version 7.3.0

Status affected

Version 7.2.2

Status affected

Version 7.2.3

Status affected

Version 7.3.1

Status affected

Version 7.1.0.3

Status affected

Version 7.2.4

Status affected

Version 7.0.6

Status affected

Version 7.2.5

Status affected

Version 7.2.4.1

Status affected

Version 7.3.1.1

Status affected

Version 7.4.0

Status affected

Version 6.4.0.17

Status affected

Version 7.0.6.1

Status affected

Version 7.2.5.1

Status affected

Version 7.4.1

Status affected

Version 7.2.6

Status affected

Version 7.0.6.2

Status affected

Version 7.4.1.1

Status affected

Version 6.4.0.18

Status affected

Version 7.2.7

Status affected

Version 7.2.5.2

Status affected

Version 7.3.1.2

Status affected

Version 7.2.8

Status affected

Version 7.6.0

Status affected

Version 7.4.2

Status affected

Version 7.2.8.1

Status affected

Version 7.0.6.3

Status affected

Version 7.4.2.1

Status affected

Version 7.2.9

Status affected

Version 7.0.7

Status affected

Version 7.7.0

Status affected

Version 7.4.2.2

Status affected

Version 7.4.2.3

Status affected

Version 7.0.8

Status affected

Version 7.0.8.1

Status affected

Version 7.4.2.4

Status affected

05.03.2026: CERT.at Warnung

https://www.cert.at/de/warnungen/2026/3/kritische-sicherheitslucken-in-cisco-secure-firewall-produkten-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-SpOFF2Re

https://nvd.nist.gov/vuln/detail/CVE-2026-20039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20039

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20039

05.03.2026: CERT.at Warnung