CVE-2026-20020

Received Received - Intake

Buffer Overflow in Cisco ASA/FTD OSPF Causes DoS

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-04

Last Modified

2026-05-04

Generated

2026-05-07

AI Q&A

2026-03-04

EPSS Evaluated

2026-05-05

NVD

CVE-2026-20020

EUVD

EUVD-2026-9477

Affected Vendors & Products

Vendor	Product	Version / Range
cisco	adaptive_security_appliance_software	9.16.1
cisco	adaptive_security_appliance_software	9.12.2
cisco	adaptive_security_appliance_software	9.12.2.5
cisco	adaptive_security_appliance_software	9.12.4.4
cisco	adaptive_security_appliance_software	9.12.3.2
cisco	adaptive_security_appliance_software	9.12.3.7
cisco	adaptive_security_appliance_software	9.12.4
cisco	adaptive_security_appliance_software	9.12.3.12
cisco	adaptive_security_appliance_software	9.12.4.37
cisco	adaptive_security_appliance_software	9.12.4.38
cisco	adaptive_security_appliance_software	9.12.4.39
cisco	adaptive_security_appliance_software	9.17.1
cisco	adaptive_security_appliance_software	9.12.3
cisco	adaptive_security_appliance_software	9.12.3.9
cisco	adaptive_security_appliance_software	9.12.4.26
cisco	adaptive_security_appliance_software	9.12.4.30
cisco	adaptive_security_appliance_software	9.16.1.28
cisco	adaptive_security_appliance_software	9.17.1.7
cisco	adaptive_security_appliance_software	9.16.3.14
cisco	adaptive_security_appliance_software	9.16.4
cisco	adaptive_security_appliance_software	9.18.2.5
cisco	adaptive_security_appliance_software	9.17.1.10
cisco	adaptive_security_appliance_software	9.17.1.13
cisco	adaptive_security_appliance_software	9.18.1
cisco	adaptive_security_appliance_software	9.18.1.3
cisco	adaptive_security_appliance_software	9.12.1
cisco	adaptive_security_appliance_software	9.12.1.2
cisco	adaptive_security_appliance_software	9.12.1.3
cisco	adaptive_security_appliance_software	9.12.4.10
cisco	adaptive_security_appliance_software	9.12.4.13
cisco	adaptive_security_appliance_software	9.12.4.8
cisco	adaptive_security_appliance_software	9.12.4.18
cisco	adaptive_security_appliance_software	9.16.2.3
cisco	adaptive_security_appliance_software	9.16.2.7
cisco	adaptive_security_appliance_software	9.16.2.11
cisco	adaptive_security_appliance_software	9.16.2.13
cisco	adaptive_security_appliance_software	9.16.2.14
cisco	adaptive_security_appliance_software	9.17.1.11
cisco	adaptive_security_appliance_software	9.17.1.15
cisco	adaptive_security_appliance_software	9.12.4.2
cisco	adaptive_security_appliance_software	9.17.1.9
cisco	adaptive_security_appliance_software	9.12.2.4
cisco	adaptive_security_appliance_software	9.12.2.9
cisco	adaptive_security_appliance_software	9.12.2.1
cisco	adaptive_security_appliance_software	9.12.4.7
cisco	adaptive_security_appliance_software	9.12.4.24
cisco	adaptive_security_appliance_software	9.12.4.29
cisco	adaptive_security_appliance_software	9.12.4.35
cisco	adaptive_security_appliance_software	9.16.2
cisco	adaptive_security_appliance_software	9.16.3.3
cisco	adaptive_security_appliance_software	9.16.3
cisco	adaptive_security_appliance_software	9.18.2
cisco	adaptive_security_appliance_software	9.19.1.9
cisco	adaptive_security_appliance_software	9.19.1.5
cisco	adaptive_security_appliance_software	9.19.1.18
cisco	adaptive_security_appliance_software	9.19.1.12
cisco	adaptive_security_appliance_software	9.19.1
cisco	adaptive_security_appliance_software	9.18.3.55
cisco	adaptive_security_appliance_software	9.18.3.53
cisco	adaptive_security_appliance_software	9.18.3.46
cisco	adaptive_security_appliance_software	9.18.3.39
cisco	adaptive_security_appliance_software	9.18.3
cisco	adaptive_security_appliance_software	9.18.2.8
cisco	adaptive_security_appliance_software	9.18.2.7
cisco	adaptive_security_appliance_software	9.17.1.30
cisco	adaptive_security_appliance_software	9.17.1.20
cisco	adaptive_security_appliance_software	9.16.4.9
cisco	adaptive_security_appliance_software	9.16.4.38
cisco	adaptive_security_appliance_software	9.16.4.27
cisco	adaptive_security_appliance_software	9.16.4.19
cisco	adaptive_security_appliance_software	9.16.4.14
cisco	adaptive_security_appliance_software	9.16.3.23
cisco	adaptive_security_appliance_software	9.16.3.19
cisco	adaptive_security_appliance_software	9.16.3.15
cisco	adaptive_security_appliance_software	9.12.4.58
cisco	adaptive_security_appliance_software	9.12.4.56
cisco	adaptive_security_appliance_software	9.12.4.55
cisco	adaptive_security_appliance_software	9.12.4.54
cisco	adaptive_security_appliance_software	9.12.4.52
cisco	adaptive_security_appliance_software	9.12.4.50
cisco	adaptive_security_appliance_software	9.12.4.48
cisco	adaptive_security_appliance_software	9.12.4.47
cisco	adaptive_security_appliance_software	9.12.4.41
cisco	adaptive_security_appliance_software	9.12.4.40
cisco	adaptive_security_appliance_software	9.12.4.62
cisco	adaptive_security_appliance_software	9.12.4.65
cisco	adaptive_security_appliance_software	9.16.4.39
cisco	adaptive_security_appliance_software	9.16.4.42
cisco	adaptive_security_appliance_software	9.16.4.48
cisco	adaptive_security_appliance_software	9.16.4.55
cisco	adaptive_security_appliance_software	9.17.1.33
cisco	adaptive_security_appliance_software	9.18.3.56
cisco	adaptive_security_appliance_software	9.18.4
cisco	adaptive_security_appliance_software	9.18.4.5
cisco	adaptive_security_appliance_software	9.18.4.8
cisco	adaptive_security_appliance_software	9.19.1.22
cisco	adaptive_security_appliance_software	9.19.1.24
cisco	adaptive_security_appliance_software	9.19.1.27
cisco	adaptive_security_appliance_software	9.20.1
cisco	adaptive_security_appliance_software	9.20.1.5
cisco	adaptive_security_appliance_software	9.20.2
cisco	adaptive_security_appliance_software	9.20.2.21
cisco	adaptive_security_appliance_software	9.20.2.10
cisco	adaptive_security_appliance_software	9.19.1.31
cisco	adaptive_security_appliance_software	9.19.1.28
cisco	adaptive_security_appliance_software	9.18.4.24
cisco	adaptive_security_appliance_software	9.18.4.22
cisco	adaptive_security_appliance_software	9.17.1.39
cisco	adaptive_security_appliance_software	9.16.4.61
cisco	adaptive_security_appliance_software	9.16.4.57
cisco	adaptive_security_appliance_software	9.12.4.67
cisco	adaptive_security_appliance_software	9.20.3
cisco	adaptive_security_appliance_software	9.18.4.40
cisco	adaptive_security_appliance_software	9.16.4.70
cisco	adaptive_security_appliance_software	9.16.4.67
cisco	adaptive_security_appliance_software	9.20.2.22
cisco	adaptive_security_appliance_software	9.18.4.34
cisco	adaptive_security_appliance_software	9.18.4.29
cisco	adaptive_security_appliance_software	9.16.4.62
cisco	adaptive_security_appliance_software	9.20.3.4
cisco	adaptive_security_appliance_software	9.20.3.7
cisco	adaptive_security_appliance_software	9.22.1.1
cisco	adaptive_security_appliance_software	9.23.1
cisco	adaptive_security_appliance_software	9.16.4.71
cisco	adaptive_security_appliance_software	9.16.4.76
cisco	adaptive_security_appliance_software	9.16.4.82
cisco	adaptive_security_appliance_software	9.16.4.84
cisco	adaptive_security_appliance_software	9.16.4.85
cisco	adaptive_security_appliance_software	9.17.1.45
cisco	adaptive_security_appliance_software	9.17.1.46
cisco	adaptive_security_appliance_software	9.18.4.47
cisco	adaptive_security_appliance_software	9.18.4.50
cisco	adaptive_security_appliance_software	9.18.4.52
cisco	adaptive_security_appliance_software	9.18.4.53
cisco	adaptive_security_appliance_software	9.18.4.57
cisco	adaptive_security_appliance_software	9.19.1.37
cisco	adaptive_security_appliance_software	9.19.1.38
cisco	adaptive_security_appliance_software	9.19.1.42
cisco	adaptive_security_appliance_software	9.20.3.10
cisco	adaptive_security_appliance_software	9.20.3.13
cisco	adaptive_security_appliance_software	9.20.3.16
cisco	adaptive_security_appliance_software	9.20.3.20
cisco	adaptive_security_appliance_software	9.20.3.9
cisco	adaptive_security_appliance_software	9.22.1.2
cisco	adaptive_security_appliance_software	9.22.1.3
cisco	adaptive_security_appliance_software	9.22.1.6
cisco	adaptive_security_appliance_software	9.22.2
cisco	firepower_threat_defense	6.4.0
cisco	firepower_threat_defense	7.1.0
cisco	firepower_threat_defense	7.0.0
cisco	firepower_threat_defense	7.2.0.1
cisco	firepower_threat_defense	7.0.1
cisco	firepower_threat_defense	7.0.0.1
cisco	firepower_threat_defense	7.0.1.1
cisco	firepower_threat_defense	7.0.2
cisco	firepower_threat_defense	7.0.2.1
cisco	firepower_threat_defense	7.0.3
cisco	firepower_threat_defense	7.0.4
cisco	firepower_threat_defense	7.1.0.1
cisco	firepower_threat_defense	7.1.0.2
cisco	firepower_threat_defense	7.2.0
cisco	firepower_threat_defense	6.4.0.1
cisco	firepower_threat_defense	6.4.0.3
cisco	firepower_threat_defense	6.4.0.2
cisco	firepower_threat_defense	6.4.0.4
cisco	firepower_threat_defense	6.4.0.5
cisco	firepower_threat_defense	6.4.0.6
cisco	firepower_threat_defense	6.4.0.7
cisco	firepower_threat_defense	6.4.0.8
cisco	firepower_threat_defense	6.4.0.9
cisco	firepower_threat_defense	6.4.0.10
cisco	firepower_threat_defense	6.4.0.11
cisco	firepower_threat_defense	6.4.0.12
cisco	firepower_threat_defense	6.4.0.13
cisco	firepower_threat_defense	6.4.0.14
cisco	firepower_threat_defense	7.2.1
cisco	firepower_threat_defense	7.2.2
cisco	firepower_threat_defense	7.2.3
cisco	firepower_threat_defense	7.3.1.1
cisco	firepower_threat_defense	7.3.1
cisco	firepower_threat_defense	7.3.0
cisco	firepower_threat_defense	7.2.5
cisco	firepower_threat_defense	7.2.4.1
cisco	firepower_threat_defense	7.2.4
cisco	firepower_threat_defense	7.1.0.3
cisco	firepower_threat_defense	7.0.6
cisco	firepower_threat_defense	7.0.5
cisco	firepower_threat_defense	6.4.0.16
cisco	firepower_threat_defense	6.4.0.15
cisco	firepower_threat_defense	6.4.0.17
cisco	firepower_threat_defense	7.0.6.1
cisco	firepower_threat_defense	7.2.5.1
cisco	firepower_threat_defense	7.4.0
cisco	firepower_threat_defense	7.4.1
cisco	firepower_threat_defense	7.4.1.1
cisco	firepower_threat_defense	7.2.5.2
cisco	firepower_threat_defense	7.3.1.2
cisco	firepower_threat_defense	7.2.6
cisco	firepower_threat_defense	7.2.7
cisco	firepower_threat_defense	6.4.0.18
cisco	firepower_threat_defense	7.0.6.2
cisco	firepower_threat_defense	7.2.8
cisco	firepower_threat_defense	7.2.8.1
cisco	firepower_threat_defense	7.4.2
cisco	firepower_threat_defense	7.0.6.3
cisco	firepower_threat_defense	7.4.2.1
cisco	firepower_threat_defense	7.6.0
cisco	firepower_threat_defense	7.7.0
cisco	firepower_threat_defense	7.0.7
cisco	firepower_threat_defense	7.0.8
cisco	firepower_threat_defense	7.0.8.1
cisco	firepower_threat_defense	7.2.10
cisco	firepower_threat_defense	7.2.10.2
cisco	firepower_threat_defense	7.2.9
cisco	firepower_threat_defense	7.4.2.2
cisco	firepower_threat_defense	7.4.2.3
cisco	firepower_threat_defense	7.4.2.4
cisco	firepower_threat_defense	7.6.1
cisco	firepower_threat_defense	7.6.2
cisco	firepower_threat_defense	7.6.2.1
cisco	firepower_threat_defense	7.7.10

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability exists in the OSPF protocol implementation of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. It is caused by insufficient input validation when processing OSPF update packets.

An unauthenticated, adjacent attacker can exploit this by sending specially crafted OSPF update packets, which can trigger a buffer overflow.

If OSPF authentication is enabled, the attacker must know the secret key to exploit the vulnerability.

A successful exploit causes the affected device to reload unexpectedly, resulting in a denial-of-service (DoS) condition.

How can this vulnerability impact me? :

This vulnerability can cause affected Cisco firewall devices to reload unexpectedly, leading to a denial-of-service (DoS) condition.

Such a DoS condition can disrupt network operations, potentially causing downtime and loss of connectivity for users relying on these devices.

If an attacker exploits this vulnerability, it could impact the availability of network security infrastructure.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that OSPF authentication is enabled to require a secret key, which an attacker must know to exploit the issue.

Additionally, monitor for any unexpected device reloads that could indicate exploitation attempts.

Applying any available patches or updates from Cisco for Secure Firewall ASA Software and Secure FTD Software is recommended once released.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-20020

Buffer Overflow in Cisco ASA/FTD OSPF Causes DoS

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart