Description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.

This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.
Published: 2026-03-04
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service affecting device availability and downstream network services
Action: Apply Patch
AI Analysis

Impact

A remote authenticated attacker who holds valid VPN user credentials can send specially crafted IKEv2 packets to an affected Cisco Secure Firewall device. The device’s improper handling of these packets causes memory exhaustion, forcing the system to reload. This denial of service disrupts not only the targeted firewall but can also impact the availability of services on other devices in the network. The underlying weakness is a memory leak, classified as CWE-401.

Affected Systems

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are the impacted products. No specific version information is provided in the advisory; any current installation is potentially vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.7, indicating a high severity. EPSS indicates a low exploitation probability (<1%), and the issue is not listed in the CISA KEV catalog. The likely attack vector is an authenticated remote user leveraging VPN access; exploitation requires the attacker to have valid credentials but does not demand additional privileged access.

Generated by OpenCVE AI on April 17, 2026 at 13:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or update to the most recent trusted release promptly.
  • Restrict network access to the IKEv2 endpoint and enforce strong authentication policies, ensuring that only authorized users can initiate VPN connections.
  • If a patch is not yet available, consider temporarily disabling IKEv2 on the affected device or removing the VPN service from critical network paths.
  • Deploy monitoring to detect abnormal memory usage or repeated reloads that may indicate an attempt to trigger this DoS.

Generated by OpenCVE AI on April 17, 2026 at 13:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Title Authenticated Remote IKEv2 DoS Causing Device Reload

Thu, 16 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco firepower Threat Defense Software
CPEs cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Vendors & Products Cisco firepower Threat Defense Software

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco adaptive Security Appliance Software
Cisco secure Firewall Threat Defense
Vendors & Products Cisco
Cisco adaptive Security Appliance Software
Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Adaptive Security Appliance Software Firepower Threat Defense Software Secure Firewall Threat Defense
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T21:38:38.947Z

Reserved: 2025-10-08T11:59:15.351Z

Link: CVE-2026-20014

cve-icon Vulnrichment

Updated: 2026-03-04T21:38:35.796Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T18:16:15.557

Modified: 2026-04-16T20:11:34.827

Link: CVE-2026-20014

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses