Description
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device.

This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition.
Published: 2026-03-25
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service caused by memory exhaustion in the TLS library
Action: Patch
AI Analysis

Impact

An unauthenticated attacker can exhaust the device's memory by repeatedly triggering the condition that leaks memory during TLS connection setup, for example through repeated EAP authentication attempts against a device with local EAP enabled, or from a machine-in-the-middle position by resetting TLS sessions between the device and its peers. Because the leaked memory is never released, the loss is cumulative: enough repetitions force an unexpected reload and a denial of service. The weakness is classified as CWE-771 (Missing Reference to Active Allocated Resource), a memory leak, and the impact is loss of availability only; confidentiality and integrity are not affected.

Affected Systems

The affected product is Cisco IOS XE Software. The data on this page carries no version information, so every IOS XE release that includes the vulnerable TLS library should be treated as potentially affected until Cisco's advisory is consulted for the fixed releases. The CVSS vector (AV:A) places the attacker on the adjacent network: a host on the same layer 2 segment attempting EAP authentication against a device with local EAP enabled, or one positioned as a machine-in-the-middle that can intercept and reset TLS connections between the device and its peers.

Risk and Exploitability

The CVSS 3.1 base score of 7.4 (High) comes from the vector AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H: an adjacent attacker, low attack complexity, no privileges or user interaction, a changed scope, and a high availability impact with no confidentiality or integrity loss. The EPSS estimate is below 1% (Very Low), the CVE is not listed in the CISA KEV catalog, and the SSVC assessment recorded in the history below marks exploitation as "none" and the flaw as not automatable. Even so, exploitation needs no authentication and only adjacent network position, so it is plausible wherever untrusted hosts share a segment with the device or can sit between it and its TLS peers. Each triggering event leaks memory that is not reclaimed, so repeated triggers eventually exhaust memory, force a reload, and take the device offline.

Generated by OpenCVE AI on March 25, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco IOS XE Software patch that fixes the TLS memory management issue
  • Disable local EAP authentication if it is not required for your deployment
  • Monitor device memory usage and reload events to detect early signs of the issue
  • Check Cisco’s security advisory page for any additional mitigations or updates

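The monitoring item in the list above is the one action available before a fixed release is installed. What distinguishes this bug from ordinary memory pressure is its shape: free memory falls at every poll and never recovers, because the allocations made during TLS setup are not released. The following added example (not OpenCVE's or Cisco's code) flags that shape and extrapolates time to exhaustion. It assumes free-memory samples polled at a fixed interval, for instance ciscoMemoryPoolFree from CISCO-MEMORY-POOL-MIB over SNMP; the two series it runs on are constructed for illustration, not captured from a device.

```python
"""Flag the steady free-memory decline that a TLS allocation leak produces.

Added example, not OpenCVE's or Cisco's code. Input is a list of
(timestamp, free_bytes) samples at a fixed poll interval, e.g. from an
SNMP poll of ciscoMemoryPoolFree (assumption). Series below are constructed.
"""
from datetime import datetime, timedelta

START = datetime(2026, 3, 25, 16, 0)

# Constructed: free memory loses 12 MB every minute and never recovers, the
# signature of per-connection allocations that are never released.
LEAKING = [(START + timedelta(minutes=i), 900_000_000 - i * 12_000_000)
           for i in range(12)]
# Constructed: ordinary churn, free memory oscillating around a stable level.
HEALTHY = [(START + timedelta(minutes=i),
            900_000_000 + (3_000_000 if i % 2 else -3_000_000))
           for i in range(12)]


def monotonic_decline(samples, window):
    """True if free memory never rose between any two of the last `window`
    samples and is strictly lower at the end of the window than at its start."""
    recent = [free for _, free in samples[-window:]]
    if len(recent) < window:
        return False
    return all(b <= a for a, b in zip(recent, recent[1:])) and recent[-1] < recent[0]


def drop_fraction(samples, window):
    """Fraction of free memory lost across the last `window` samples."""
    recent = [free for _, free in samples[-window:]]
    return (recent[0] - recent[-1]) / recent[0]


def seconds_to_exhaustion(samples, window):
    """Linear extrapolation of the last `window` samples to zero free memory.
    Returns None when free memory is not falling."""
    recent = samples[-window:]
    (t0, f0), (t1, f1) = recent[0], recent[-1]
    elapsed = (t1 - t0).total_seconds()
    if elapsed <= 0 or f1 >= f0:
        return None
    rate = (f0 - f1) / elapsed  # bytes lost per second
    return f1 / rate


def leak_suspected(samples, window=10, min_drop=0.05):
    """Alert when the last `window` samples decline monotonically AND the
    total drop exceeds `min_drop` of the window's starting free memory.
    Requiring both filters out a single large but one-off allocation."""
    return monotonic_decline(samples, window) and drop_fraction(samples, window) >= min_drop


if __name__ == "__main__":
    for name, series in (("leaking", LEAKING), ("healthy", HEALTHY)):
        eta = seconds_to_exhaustion(series, 10)
        print(name, "leak suspected:", leak_suspected(series),
              "minutes to exhaustion:", None if eta is None else round(eta / 60))
```

The monotonic test is what separates the leak from legitimate load: a device under heavy but healthy use shows free memory moving in both directions between polls. Tune the window to the poll interval so that it spans several minutes, and treat the extrapolated time to exhaustion as the time you have to move the device onto a fixed release or take it off the exposed segment.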
Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Cisco; Cisco ios Xe Software
Vendors & Products | | Cisco; Cisco ios Xe Software

Wed, 25 Mar 2026 22:00:00 +0000

Type | Values Removed | Values Added
Title | | TLS Memory Exhaustion in Cisco IOS XE Software Causing Denial of Service

Wed, 25 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition.
Weaknesses | | CWE-771
References | |
Metrics | | cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

Cisco Ios Xe Software
MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-26T17:38:43.815Z

Reserved: 2025-10-08T11:59:15.349Z

Link: CVE-2026-20004

Vulnrichment

Updated: 2026-03-26T17:38:39.794Z

NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:10.520

Modified: 2026-03-26T15:13:33.940

Link: CVE-2026-20004

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:42:46Z

Weaknesses