Description
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device.
Published: 2026-03-04
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch ASAP
AI Analysis

Impact

A flaw in handling Galois/Counter Mode (GCM)-encrypted IKEv2 traffic on Cisco Secure Firewall ASA and FTD appliances allows an authenticated remote attacker to trigger an undersized memory allocation that can force the device to reload unexpectedly, causing a denial of service. The weakness is a buffer-size calculation error during cryptographic processing, classified as CWE-131 (Incorrect Calculation of Buffer Size). The attack requires valid VPN credentials to initiate the vulnerable traffic, but does not enable code execution or privilege escalation.

Affected Systems

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are affected. No specific firmware or software version numbers are listed in the advisory; organizations should verify whether their deployed versions match the vulnerable releases and whether an update is available.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.7, indicating high severity, yet the EPSS score of less than 1% points to a low likelihood of exploitation in the wild. The entry is not cataloged in the CISA Known Exploited Vulnerabilities list. Attackers need authenticated VPN access, limiting the threat mostly to insiders or compromised accounts with VPN credentials. Nonetheless, the potential for a forced device reboot can disrupt network operations, especially in critical environments.

Generated by OpenCVE AI on April 17, 2026 at 13:06 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the ASA or FTD firmware to the latest release that addresses the GCM memory allocation flaw
  • Limit VPN access to trusted users and enforce multi‑factor authentication to reduce the chance of credential compromise
  • Configure firewall policies to filter or log anomalous IKEv2 traffic patterns and increase monitoring of packet‑level anomalies in the VPN layer


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:30:00 +0000

Type: Title
Values removed: none
Values added: Insufficient Memory Allocation in IKEv2 GCM Decryption Causes DoS on Cisco ASA/FTD

Thu, 16 Apr 2026 20:15:00 +0000

Type: First Time appeared
Values removed: none
Values added: Cisco firepower Threat Defense Software

Type: CPEs
Values removed: none
Values added:
  • cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values removed: none
Values added: Cisco firepower Threat Defense Software

Thu, 05 Mar 2026 09:15:00 +0000

Type: First Time appeared
Values removed: none
Values added:
  • Cisco
  • Cisco adaptive Security Appliance Software
  • Cisco secure Firewall Threat Defense

Type: Vendors & Products
Values removed: none
Values added:
  • Cisco
  • Cisco adaptive Security Appliance Software
  • Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 17:30:00 +0000

Type: Description
Values removed: none
Values added: the vulnerability description shown in the Description section above

Type: Weaknesses
Values removed: none
Values added: CWE-131

Type: References
Values removed: none
Values added: (none)

Type: Metrics (cvssV3_1)
Values removed: none
Values added: {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T20:55:05.470Z

Reserved: 2025-10-08T11:59:15.355Z

Link: CVE-2026-20049

Vulnrichment

Updated: 2026-03-04T20:54:59.911Z

NVD

Status : Analyzed

Published: 2026-03-04T18:16:17.863

Modified: 2026-04-16T20:01:02.797

Link: CVE-2026-20049

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses