Description
A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory, resulting in a denial of service (DoS) condition requiring a manual reboot.

This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
Published: 2026-03-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

A flaw in the Remote Access SSL VPN, HTTP management and MUS components of Cisco Secure Firewall ASA and FTD trusts unvalidated user input, allowing an unauthenticated attacker to send crafted packets that exhaust device memory and force the device to stop responding. The result is a loss of availability; the vulnerability does not compromise confidentiality or integrity of data. It is categorized as a memory‑leak issue (CWE‑401).

Affected Systems

The defect affects Cisco Secure Firewall Adaptive Security Appliance (ASA) software and Cisco Secure Firewall Threat Defense (FTD) software. No specific firmware versions are listed in the advisory, so all current releases are presumed vulnerable until a fix is installed.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1% reflects a very low current exploitation probability. The vulnerability is not listed in CISA's KEV catalog. The attack can be carried out remotely over the network by an adversary who does not need any credentials; the attacker simply sends malformed SSL VPN packets to the device, causing memory exhaustion that culminates in a denial of service. Because no authentication is required, the risk is primarily to service availability rather than data confidentiality or integrity.

Generated by OpenCVE AI on April 16, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Secure Firewall firmware update that includes the memory‑exhaustion fix.
  • Disable Remote Access SSL VPN, HTTP management, or MUS on devices where those features are not required.
  • Continuously monitor VPN logs and device health metrics for abnormal traffic or memory usage, and perform manual restarts if the service becomes unresponsive.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Cisco firepower Threat Defense Software |
| CPEs | | `cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*`, `cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Cisco firepower Threat Defense Software |

Thu, 16 Apr 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Remote Access SSL VPN Memory Exhaustion DoS |

Wed, 11 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Thu, 05 Mar 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Cisco, Cisco adaptive Security Appliance Software, Cisco secure Firewall Threat Defense |
| Vendors & Products | | Cisco, Cisco adaptive Security Appliance Software, Cisco secure Firewall Threat Defense |

Wed, 04 Mar 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory, resulting in a denial of service (DoS) condition requiring a manual reboot. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. |
| Weaknesses | | CWE-401 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` |

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-11T15:19:29.839Z

Reserved: 2025-10-08T11:59:15.371Z

Link: CVE-2026-20106

Vulnrichment

Updated: 2026-03-04T21:41:08.826Z

NVD

Status: Analyzed

Published: 2026-03-04T18:16:26.670

Modified: 2026-04-16T20:27:39.697

Link: CVE-2026-20106

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses