CVE-2026-20103 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 4, 2026
Cisco Secure Firewall ASA & FTD - Denial of Service
Published: March 4, 2026Updated: March 4, 2026Remote Exploitable
Overview
Cisco Secure Firewall ASA and FTD Software contain a denial of service vulnerability caused by unvalidated user input in the Remote Access SSL VPN functionality, letting unauthenticated remote attackers exhaust device memory and disrupt new VPN connections, exploit requires sending crafted packets.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Unauthenticated remote attackers can cause denial of service by exhausting device memory, disrupting new VPN connections and temporarily affecting the web interface responsiveness.
Mitigation
Update to the latest available version of Cisco Secure Firewall ASA and FTD Software.
Related Resources
Details
- CVE ID
- CVE-2026-20103
- Severity
- High
- CVSS Score
- 8.6
- Type
- denial_of_service
- Status
- new
CWE
- CWE-770
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H