CVE-2026-20103

Warnung

EPSS 0.06%
Veröffentlicht 04.03.2026 17:19:36
Zuletzt bearbeitet 16.04.2026 20:28:00
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. 

 This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

NVD 10 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Adaptive Security Appliance Software Version >= 9.12.1 < 9.16.4.85

Cisco ≫ Adaptive Security Appliance Software Version >= 9.17.1 < 9.18.4.66

Cisco ≫ Adaptive Security Appliance Software Version >= 9.19.1 < 9.20.4

Cisco ≫ Adaptive Security Appliance Software Version >= 9.22.1.1 < 9.22.2.4

Cisco ≫ Adaptive Security Appliance Software Version >= 9.23.1 < 9.23.1.7

Cisco ≫ Firepower Threat Defense Software Version >= 6.4.0 < 7.0.9

Cisco ≫ Firepower Threat Defense Software Version >= 7.1.0 < 7.2.11

Cisco ≫ Firepower Threat Defense Software Version >= 7.3.0 < 7.4.3

Cisco ≫ Firepower Threat Defense Software Version >= 7.6.0 < 7.6.4

Cisco ≫ Firepower Threat Defense Software Version >= 7.7.0 < 7.7.11

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

05.03.2026:

https://www.cert.at/de/warnungen/2026/3/kritische-sicherheitslucken-in-cisco-secure-firewall-produkten-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-20103

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20103

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20103

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20103

05.03.2026: