CVE-2026-20015
Received
Received - Intake
Memory Leak in Cisco IKEv2 Causes Remote DoS Condition
Publication date: 2026-03-04
Last updated on: 2026-04-16
Assigner: Cisco Systems, Inc.
Description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network.
This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | adaptive_security_appliance_software | From 9.18.1 (inc) to 9.18.4.71 (exc) |
| cisco | adaptive_security_appliance_software | From 9.19.1 (inc) to 9.20.4.10 (exc) |
| cisco | adaptive_security_appliance_software | From 9.22.1.1 (inc) to 9.22.2.13 (exc) |
| cisco | adaptive_security_appliance_software | From 9.23.1 (inc) to 9.23.1.19 (exc) |
| cisco | firepower_threat_defense_software | From 7.3.0 (inc) to 7.4.3 (exc) |
| cisco | firepower_threat_defense_software | From 7.6.0 (inc) to 7.6.4 (exc) |
| cisco | firepower_threat_defense_software | From 7.7.0 (inc) to 7.7.11 (exc) |
| cisco | firepower_threat_defense_software | From 7.2.0 (inc) to 7.2.11 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |