Description
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces.

This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Published: 2026-03-04
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

An authenticated user connection to the Remote Access SSL VPN can send specially crafted packets that are accepted without adequate validation, leading the VPN server to consume increasing amounts of memory. The unchecked input causes a memory leak (CWE‑401) and eventually forces the device to reload, resulting in a denial of service for all users. No impact is seen on the management or MUS interfaces.

Affected Systems

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are affected. The vulnerability applies to any deployed version of these products that has Remote Access SSL VPN enabled; no specific downstream version numbers are listed in the advisory, so all current builds should be reviewed.

Risk and Exploitability

The CVSS base score of 7.7 falls in the High severity range, while the EPSS score of less than 1% suggests a low but non‑zero probability of exploitation. The attack requires an authenticated VPN session, so an attacker must first hold valid credentials to connect. Once authenticated, the attacker can transmit malicious packets that trigger memory exhaustion, causing the device to reload and denying service to all users. The vulnerability is not in the CISA KEV catalogue, which reflects that no widespread exploitation has been observed yet.

Generated by OpenCVE AI on April 16, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the most recent ASA or FTD firmware release that contains the fix for the SSL VPN memory exhaustion issue.
  • If a patch cannot be applied immediately, disable or revoke Remote Access SSL VPN privileges on the affected appliance to prevent authenticated exploitation until the patch is installed.
  • Configure monitoring or alerting on the device to detect abnormal memory usage spikes, and consider tightening access controls or rate‑limiting traffic on the VPN interfaces.
  • Verify that the VPN service is only exposed to trusted network segments and that users have the least privilege necessary for their role.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Cisco firepower Threat Defense Software
CPEs | - | cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*; cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Vendors & Products | - | Cisco firepower Threat Defense Software

Thu, 16 Apr 2026 13:45:00 +0000

Type | Values Removed | Values Added
Title | - | Remote Access SSL VPN can cause device reload due to memory exhaustion

Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Cisco; Cisco adaptive Security Appliance Software; Cisco secure Firewall Threat Defense
Vendors & Products | - | Cisco; Cisco adaptive Security Appliance Software; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | - | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | - | A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Weaknesses | - | CWE-401
References | - |
Metrics | - | cvssV3_1: {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T21:34:17.458Z

Reserved: 2025-10-08T11:59:15.371Z

Link: CVE-2026-20105

Vulnrichment

Updated: 2026-03-04T21:33:54.552Z

NVD

Status: Analyzed

Published: 2026-03-04T18:16:26.200

Modified: 2026-04-16T20:27:52.450

Link: CVE-2026-20105

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses