CVE-2026-20012 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: March 25, 2026
Cisco IOS & Secure Firewall - Denial of Service
Published: March 25, 2026 | Updated: March 25, 2026 | Remote Exploitable
Overview
Cisco IOS, IOS XE, Secure Firewall ASA, and Secure FTD Software contain a denial of service vulnerability caused by improper parsing of IKEv2 packets. It lets unauthenticated remote attackers trigger memory leaks and cause device reload or instability. Exploitation requires sending crafted IKEv2 packets.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Unauthenticated remote attackers can cause device reload or memory exhaustion, leading to denial of service and system instability.
Mitigation
Update to the latest available versions of Cisco IOS, IOS XE, Secure Firewall ASA, and Secure FTD Software.
Details
- CVE ID: CVE-2026-20012
- Severity: High
- CVSS Score: 8.6
- Status: new
CWE
- CWE-401
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H