5.3

CVE-2026-20106

Warnung
A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.

 This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoAdaptive Security Appliance Software Version >= 9.12.1 < 9.16.4.85
CiscoAdaptive Security Appliance Software Version >= 9.17.1 < 9.18.4.66
CiscoAdaptive Security Appliance Software Version >= 9.19.1 < 9.20.4
CiscoAdaptive Security Appliance Software Version >= 9.22.1.1 < 9.22.2.4
CiscoAdaptive Security Appliance Software Version >= 9.23.1 < 9.23.1.7
CiscoFirepower Threat Defense Software Version >= 6.4.0 < 7.0.9
CiscoFirepower Threat Defense Software Version >= 7.1.0 < 7.2.11
CiscoFirepower Threat Defense Software Version >= 7.3.0 < 7.4.3
CiscoFirepower Threat Defense Software Version >= 7.6.0 < 7.6.4
CiscoFirepower Threat Defense Software Version >= 7.7.0 < 7.7.11
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.19
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.