Description
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. The condition is reachable only when OSPF canonicalization debugging is enabled with the command debug ip ospf canon.

This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.
Published: 2026-03-04
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via device reload
Action: Patch
AI Analysis

Impact

A flaw in the OSPF protocol handling within Cisco Secure Firewall ASA and FTD software allows an unauthenticated adjacent attacker to send crafted OSPF LSU packets that trigger a memory write outside the packet buffer, forcing the device to reload. The resulting reload causes a denial-of-service condition for traffic through the device; no privilege escalation or data compromise occurs (the CVSS vector records no confidentiality or integrity impact). The weakness is tracked as CWE-823 (Use of Out-of-range Pointer Offset), which corresponds to insufficient validation of length and offset fields in the packet data.
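The Description and the Impact paragraph above both attribute the reload to insufficient input validation while walking LSU packet data. The following added example, which is not Cisco's code and is not derived from the affected implementation, shows the defensive pattern such a parser needs: every LSA length field from the wire is checked against the bytes that actually remain before the parser advances. Packet and LSA header sizes are the standard OSPFv2 values from RFC 2328; the sample packets are constructed inline, not captured, and the function names (ospf_lsu_validate, build_sample_lsu, the demo_* scenarios) are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* OSPFv2 layout per RFC 2328: 24-byte packet header, 20-byte LSA header.
 * LSU body = 4-byte LSA count followed by the LSAs; the LSA length field
 * (bytes 18-19 of the LSA header) includes the header itself. */
#define OSPF_HDR_LEN  24
#define OSPF_TYPE_LSU 4
#define LSA_HDR_LEN   20

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the LSAs of a Link State Update held in buf[0..buflen).
 * Returns the number of LSAs whose declared lengths fit inside the packet,
 * or -1 if any wire-supplied length would carry the cursor past the data.
 * Each advance is bounded by what remains, which is exactly the check an
 * out-of-range-offset bug (CWE-823) lacks. */
int ospf_lsu_validate(const uint8_t *buf, size_t buflen)
{
    if (buf == NULL || buflen < OSPF_HDR_LEN) return -1;
    if (buf[0] != 2 || buf[1] != OSPF_TYPE_LSU) return -1;

    size_t pktlen = rd16(buf + 2);
    /* Trust the wire length only if the receive buffer really holds it. */
    if (pktlen < OSPF_HDR_LEN + 4 || pktlen > buflen) return -1;

    uint32_t declared = rd32(buf + OSPF_HDR_LEN);
    size_t off = OSPF_HDR_LEN + 4;
    uint32_t seen = 0;

    while (off < pktlen) {
        if (pktlen - off < LSA_HDR_LEN) return -1;  /* truncated LSA header */
        size_t lsalen = rd16(buf + off + 18);
        if (lsalen < LSA_HDR_LEN) return -1;         /* cannot hold its own header */
        if (lsalen > pktlen - off) return -1;        /* would read past packet end */
        off += lsalen;
        seen++;
    }
    if (seen != declared) return -1;                 /* count field must match the walk */
    return (int)seen;
}

/* Build a constructed (not captured) LSU with n LSAs of lsalen bytes each.
 * Returns the total packet length, or 0 if the request does not fit. */
size_t build_sample_lsu(uint8_t *out, size_t cap, uint32_t n, uint16_t lsalen)
{
    size_t total = OSPF_HDR_LEN + 4 + (size_t)n * lsalen;
    if (lsalen < LSA_HDR_LEN || total > cap || total > 0xFFFF) return 0;
    memset(out, 0, total);                           /* ids/checksums irrelevant here */
    out[0] = 2; out[1] = OSPF_TYPE_LSU;
    out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total;
    out[OSPF_HDR_LEN]     = (uint8_t)(n >> 24); out[OSPF_HDR_LEN + 1] = (uint8_t)(n >> 16);
    out[OSPF_HDR_LEN + 2] = (uint8_t)(n >> 8);  out[OSPF_HDR_LEN + 3] = (uint8_t)n;
    size_t off = OSPF_HDR_LEN + 4;
    for (uint32_t i = 0; i < n; i++) {
        out[off + 3]  = 1;                           /* LS type 1: router-LSA */
        out[off + 18] = (uint8_t)(lsalen >> 8);
        out[off + 19] = (uint8_t)lsalen;
        off += lsalen;
    }
    return total;
}

/* Scenario helpers: build a 2-LSA packet (24 + 4 + 2*36 = 100 bytes),
 * optionally corrupt one field, and return the validator's verdict. */
int demo_well_formed(void) {
    uint8_t pkt[128]; size_t len = build_sample_lsu(pkt, sizeof pkt, 2, 36);
    return ospf_lsu_validate(pkt, len);                       /* 2 */
}
int demo_oversized_lsa_length(void) {
    uint8_t pkt[128]; size_t len = build_sample_lsu(pkt, sizeof pkt, 2, 36);
    pkt[OSPF_HDR_LEN + 4 + 18] = 0xFF;                        /* first LSA claims 65535 bytes */
    pkt[OSPF_HDR_LEN + 4 + 19] = 0xFF;
    return ospf_lsu_validate(pkt, len);                       /* -1 */
}
int demo_undersized_lsa_length(void) {
    uint8_t pkt[128]; size_t len = build_sample_lsu(pkt, sizeof pkt, 2, 36);
    pkt[OSPF_HDR_LEN + 4 + 36 + 19] = 4;                      /* second LSA shorter than its header */
    return ospf_lsu_validate(pkt, len);                       /* -1 */
}
int demo_truncated_buffer(void) {
    uint8_t pkt[128]; size_t len = build_sample_lsu(pkt, sizeof pkt, 2, 36);
    return ospf_lsu_validate(pkt, len - 1);                   /* -1: wire length exceeds buffer */
}

int main(void) {
    printf("well-formed: %d\n", demo_well_formed());
    printf("oversized LSA length: %d\n", demo_oversized_lsa_length());
    printf("undersized LSA length: %d\n", demo_undersized_lsa_length());
    printf("truncated buffer: %d\n", demo_truncated_buffer());
    return 0;
}
```

The three rejection paths correspond to the three ways a length field can lie: claiming more bytes than remain, claiming fewer than the fixed header, or the outer packet length exceeding what was received. A parser that trusts any one of them ends up indexing outside the packet data, which is the failure class the advisory describes.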

Affected Systems

Products affected are Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. The record lists no affected or fixed release ranges, so every release should be treated as potentially vulnerable until a fixed version is confirmed and deployed.

Risk and Exploitability

The vulnerability has a CVSS v3.1 score of 6.1 (Medium), vector CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H: adjacent-network access, high attack complexity, no privileges or user interaction, and an availability-only impact. The EPSS score is below 1%, indicating a very low probability of exploitation in the wild. The attacker must be on a network segment adjacent to the device, and the OSPF canonicalization debug command (debug ip ospf canon) must be enabled, which is not a production default. The vector does not involve remote code execution and is contained within the local network segment. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 16, 2026 at 13:13 UTC.

Remediation

No vendor fix or workaround is currently listed in this record.

OpenCVE Recommended Actions

  • Apply the latest Cisco ASA or FTD software release that incorporates the fix for OSPF LSU packet validation.
  • Make sure OSPF canonicalization debugging (debug ip ospf canon) is not enabled on affected firewalls; it is the precondition for triggering the reload, and debug commands should not be left running outside a troubleshooting window.
  • Monitor OSPF traffic on adjacent segments for anomalous LSU packets, and apply temporary packet filtering or rate limiting on those segments until the patch is applied.


Tracking


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:30:00 +0000

Type: Title
Values removed: (none)
Values added: OSPF LSU Packet Validation Bug Leads to Device Reload DoS on Cisco ASA/FTD

Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values removed: (none)
Values added: Cisco; Cisco Adaptive Security Appliance Software; Cisco Secure Firewall Threat Defense

Type: Vendors & Products
Values removed: (none)
Values added: Cisco; Cisco Adaptive Security Appliance Software; Cisco Secure Firewall Threat Defense

Wed, 04 Mar 2026 22:15:00 +0000

Type: Metrics (ssvc)
Values removed: (none)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 19:00:00 +0000

Type: Description
Values removed: (none)
Values added: A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.

Type: Weaknesses
Values removed: (none)
Values added: CWE-823

Type: References
Values removed: (none)
Values added: (none)

Type: Metrics (cvssV3_1)
Values removed: (none)
Values added: {'score': 6.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

Cisco Adaptive Security Appliance Software
Cisco Secure Firewall Threat Defense

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T21:34:01.015Z

Reserved: 2025-10-08T11:59:15.352Z

Link: CVE-2026-20022

Vulnrichment

Updated: 2026-03-04T21:33:54.770Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T19:16:12.640

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20022

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:15:06Z

Weaknesses