CVE-2026-20014
Received Received - Intake
Denial of Service in Cisco IKEv2 VPN via Memory Exhaustion

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-05-07
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20014
EUVD
EUVD-2026-9431
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.12.1 (inc) to 9.16.4.85 (exc)
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.66 (exc)
cisco adaptive_security_appliance_software From 9.19.1 (inc) to 9.20.4 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.9 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.13 (exc)
cisco firepower_threat_defense_software From 6.4.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.11 (exc)
cisco firepower_threat_defense_software From 7.3.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 7.6.4 (exc)
cisco firepower_threat_defense_software From 7.7.0 (inc) to 7.7.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. It allows an authenticated, remote attacker who has valid VPN user credentials to cause a denial-of-service (DoS) condition on the affected device.

The issue arises from improper processing of IKEv2 packets. An attacker can exploit this by sending specially crafted, authenticated IKEv2 packets to the device, which can exhaust the device's memory and cause it to reload.


How can this vulnerability impact me? :

Exploiting this vulnerability can cause a denial-of-service condition on the affected device, leading to a device reload.

This can impact the availability of services not only on the affected device but also on other devices elsewhere in the network, potentially disrupting network operations.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart