Description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network.

This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
Published: 2026-03-04
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

A memory leak in the IKEv2 packet parsing of Cisco Secure Firewall ASA and FTD creates a denial‑of‑service vulnerability. An unauthenticated remote attacker can send specially crafted IKEv2 packets that cause the device to consume memory until resources are exhausted, forcing a manual reload to restore services. The flaw provides no privilege escalation or data disclosure but cripples network availability for hosts depending on the affected appliance.

Affected Systems

The flaw affects Cisco Secure Firewall ASA Software and Cisco Secure FTD Software, including all releases that have not yet applied the vendor fix. No specific version numbers are listed in the advisory, so any installation of these products that lacks the update is susceptible.

Risk and Exploitability

The advisory assigns a CVSS score of 5.8, indicating moderate severity, while the EPSS score is below 1 %, implying a very low likelihood of active exploitation. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is inferred to be remote over the network via IKEv2 traffic. Attackers would need to send malicious IKEv2 packets to the appliance; no local access or special credentials are required.

Generated by OpenCVE AI on April 16, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Cisco ASA or FTD firmware that contains the IKEv2 memory‑leak fix.
  • If an upgrade cannot be performed immediately, block or limit IKEv2 traffic from untrusted sources using access lists or firewall rules.
  • Enable monitoring of CPU and memory usage on VPN components and schedule automatic or manual reloads when thresholds are exceeded.

Generated by OpenCVE AI on April 16, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco firepower Threat Defense Software
CPEs cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Vendors & Products Cisco firepower Threat Defense Software

Thu, 16 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title Denial‑of‑Service via Memory Leak in IKEv2 Processing

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco adaptive Security Appliance Software
Cisco secure Firewall Threat Defense
Vendors & Products Cisco
Cisco adaptive Security Appliance Software
Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network. This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}

Subscriptions

Cisco Adaptive Security Appliance Software Firepower Threat Defense Software Secure Firewall Threat Defense
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T21:38:16.098Z

Reserved: 2025-10-08T11:59:15.351Z

Link: CVE-2026-20015

cve-icon Vulnrichment

Updated: 2026-03-04T21:38:12.576Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T18:16:15.853

Modified: 2026-04-16T20:02:10.660

Link: CVE-2026-20015

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses