CVE-2026-20020
Received Received - Intake
Buffer Overflow in Cisco ASA/FTD OSPF Causes DoS

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20020
EUVD
EUVD-2026-9477
Affected Vendors & Products
Showing 221 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software 9.16.1
cisco adaptive_security_appliance_software 9.12.2
cisco adaptive_security_appliance_software 9.12.2.5
cisco adaptive_security_appliance_software 9.12.4.4
cisco adaptive_security_appliance_software 9.12.3.2
cisco adaptive_security_appliance_software 9.12.3.7
cisco adaptive_security_appliance_software 9.12.4
cisco adaptive_security_appliance_software 9.12.3.12
cisco adaptive_security_appliance_software 9.12.4.37
cisco adaptive_security_appliance_software 9.12.4.38
cisco adaptive_security_appliance_software 9.12.4.39
cisco adaptive_security_appliance_software 9.17.1
cisco adaptive_security_appliance_software 9.12.3
cisco adaptive_security_appliance_software 9.12.3.9
cisco adaptive_security_appliance_software 9.12.4.26
cisco adaptive_security_appliance_software 9.12.4.30
cisco adaptive_security_appliance_software 9.16.1.28
cisco adaptive_security_appliance_software 9.17.1.7
cisco adaptive_security_appliance_software 9.16.3.14
cisco adaptive_security_appliance_software 9.16.4
cisco adaptive_security_appliance_software 9.18.2.5
cisco adaptive_security_appliance_software 9.17.1.10
cisco adaptive_security_appliance_software 9.17.1.13
cisco adaptive_security_appliance_software 9.18.1
cisco adaptive_security_appliance_software 9.18.1.3
cisco adaptive_security_appliance_software 9.12.1
cisco adaptive_security_appliance_software 9.12.1.2
cisco adaptive_security_appliance_software 9.12.1.3
cisco adaptive_security_appliance_software 9.12.4.10
cisco adaptive_security_appliance_software 9.12.4.13
cisco adaptive_security_appliance_software 9.12.4.8
cisco adaptive_security_appliance_software 9.12.4.18
cisco adaptive_security_appliance_software 9.16.2.3
cisco adaptive_security_appliance_software 9.16.2.7
cisco adaptive_security_appliance_software 9.16.2.11
cisco adaptive_security_appliance_software 9.16.2.13
cisco adaptive_security_appliance_software 9.16.2.14
cisco adaptive_security_appliance_software 9.17.1.11
cisco adaptive_security_appliance_software 9.17.1.15
cisco adaptive_security_appliance_software 9.12.4.2
cisco adaptive_security_appliance_software 9.17.1.9
cisco adaptive_security_appliance_software 9.12.2.4
cisco adaptive_security_appliance_software 9.12.2.9
cisco adaptive_security_appliance_software 9.12.2.1
cisco adaptive_security_appliance_software 9.12.4.7
cisco adaptive_security_appliance_software 9.12.4.24
cisco adaptive_security_appliance_software 9.12.4.29
cisco adaptive_security_appliance_software 9.12.4.35
cisco adaptive_security_appliance_software 9.16.2
cisco adaptive_security_appliance_software 9.16.3.3
cisco adaptive_security_appliance_software 9.16.3
cisco adaptive_security_appliance_software 9.18.2
cisco adaptive_security_appliance_software 9.19.1.9
cisco adaptive_security_appliance_software 9.19.1.5
cisco adaptive_security_appliance_software 9.19.1.18
cisco adaptive_security_appliance_software 9.19.1.12
cisco adaptive_security_appliance_software 9.19.1
cisco adaptive_security_appliance_software 9.18.3.55
cisco adaptive_security_appliance_software 9.18.3.53
cisco adaptive_security_appliance_software 9.18.3.46
cisco adaptive_security_appliance_software 9.18.3.39
cisco adaptive_security_appliance_software 9.18.3
cisco adaptive_security_appliance_software 9.18.2.8
cisco adaptive_security_appliance_software 9.18.2.7
cisco adaptive_security_appliance_software 9.17.1.30
cisco adaptive_security_appliance_software 9.17.1.20
cisco adaptive_security_appliance_software 9.16.4.9
cisco adaptive_security_appliance_software 9.16.4.38
cisco adaptive_security_appliance_software 9.16.4.27
cisco adaptive_security_appliance_software 9.16.4.19
cisco adaptive_security_appliance_software 9.16.4.14
cisco adaptive_security_appliance_software 9.16.3.23
cisco adaptive_security_appliance_software 9.16.3.19
cisco adaptive_security_appliance_software 9.16.3.15
cisco adaptive_security_appliance_software 9.12.4.58
cisco adaptive_security_appliance_software 9.12.4.56
cisco adaptive_security_appliance_software 9.12.4.55
cisco adaptive_security_appliance_software 9.12.4.54
cisco adaptive_security_appliance_software 9.12.4.52
cisco adaptive_security_appliance_software 9.12.4.50
cisco adaptive_security_appliance_software 9.12.4.48
cisco adaptive_security_appliance_software 9.12.4.47
cisco adaptive_security_appliance_software 9.12.4.41
cisco adaptive_security_appliance_software 9.12.4.40
cisco adaptive_security_appliance_software 9.12.4.62
cisco adaptive_security_appliance_software 9.12.4.65
cisco adaptive_security_appliance_software 9.16.4.39
cisco adaptive_security_appliance_software 9.16.4.42
cisco adaptive_security_appliance_software 9.16.4.48
cisco adaptive_security_appliance_software 9.16.4.55
cisco adaptive_security_appliance_software 9.17.1.33
cisco adaptive_security_appliance_software 9.18.3.56
cisco adaptive_security_appliance_software 9.18.4
cisco adaptive_security_appliance_software 9.18.4.5
cisco adaptive_security_appliance_software 9.18.4.8
cisco adaptive_security_appliance_software 9.19.1.22
cisco adaptive_security_appliance_software 9.19.1.24
cisco adaptive_security_appliance_software 9.19.1.27
cisco adaptive_security_appliance_software 9.20.1
cisco adaptive_security_appliance_software 9.20.1.5
cisco adaptive_security_appliance_software 9.20.2
cisco adaptive_security_appliance_software 9.20.2.21
cisco adaptive_security_appliance_software 9.20.2.10
cisco adaptive_security_appliance_software 9.19.1.31
cisco adaptive_security_appliance_software 9.19.1.28
cisco adaptive_security_appliance_software 9.18.4.24
cisco adaptive_security_appliance_software 9.18.4.22
cisco adaptive_security_appliance_software 9.17.1.39
cisco adaptive_security_appliance_software 9.16.4.61
cisco adaptive_security_appliance_software 9.16.4.57
cisco adaptive_security_appliance_software 9.12.4.67
cisco adaptive_security_appliance_software 9.20.3
cisco adaptive_security_appliance_software 9.18.4.40
cisco adaptive_security_appliance_software 9.16.4.70
cisco adaptive_security_appliance_software 9.16.4.67
cisco adaptive_security_appliance_software 9.20.2.22
cisco adaptive_security_appliance_software 9.18.4.34
cisco adaptive_security_appliance_software 9.18.4.29
cisco adaptive_security_appliance_software 9.16.4.62
cisco adaptive_security_appliance_software 9.20.3.4
cisco adaptive_security_appliance_software 9.20.3.7
cisco adaptive_security_appliance_software 9.22.1.1
cisco adaptive_security_appliance_software 9.23.1
cisco adaptive_security_appliance_software 9.16.4.71
cisco adaptive_security_appliance_software 9.16.4.76
cisco adaptive_security_appliance_software 9.16.4.82
cisco adaptive_security_appliance_software 9.16.4.84
cisco adaptive_security_appliance_software 9.16.4.85
cisco adaptive_security_appliance_software 9.17.1.45
cisco adaptive_security_appliance_software 9.17.1.46
cisco adaptive_security_appliance_software 9.18.4.47
cisco adaptive_security_appliance_software 9.18.4.50
cisco adaptive_security_appliance_software 9.18.4.52
cisco adaptive_security_appliance_software 9.18.4.53
cisco adaptive_security_appliance_software 9.18.4.57
cisco adaptive_security_appliance_software 9.19.1.37
cisco adaptive_security_appliance_software 9.19.1.38
cisco adaptive_security_appliance_software 9.19.1.42
cisco adaptive_security_appliance_software 9.20.3.10
cisco adaptive_security_appliance_software 9.20.3.13
cisco adaptive_security_appliance_software 9.20.3.16
cisco adaptive_security_appliance_software 9.20.3.20
cisco adaptive_security_appliance_software 9.20.3.9
cisco adaptive_security_appliance_software 9.22.1.2
cisco adaptive_security_appliance_software 9.22.1.3
cisco adaptive_security_appliance_software 9.22.1.6
cisco adaptive_security_appliance_software 9.22.2
cisco firepower_threat_defense 6.4.0
cisco firepower_threat_defense 7.1.0
cisco firepower_threat_defense 7.0.0
cisco firepower_threat_defense 7.2.0.1
cisco firepower_threat_defense 7.0.1
cisco firepower_threat_defense 7.0.0.1
cisco firepower_threat_defense 7.0.1.1
cisco firepower_threat_defense 7.0.2
cisco firepower_threat_defense 7.0.2.1
cisco firepower_threat_defense 7.0.3
cisco firepower_threat_defense 7.0.4
cisco firepower_threat_defense 7.1.0.1
cisco firepower_threat_defense 7.1.0.2
cisco firepower_threat_defense 7.2.0
cisco firepower_threat_defense 6.4.0.1
cisco firepower_threat_defense 6.4.0.3
cisco firepower_threat_defense 6.4.0.2
cisco firepower_threat_defense 6.4.0.4
cisco firepower_threat_defense 6.4.0.5
cisco firepower_threat_defense 6.4.0.6
cisco firepower_threat_defense 6.4.0.7
cisco firepower_threat_defense 6.4.0.8
cisco firepower_threat_defense 6.4.0.9
cisco firepower_threat_defense 6.4.0.10
cisco firepower_threat_defense 6.4.0.11
cisco firepower_threat_defense 6.4.0.12
cisco firepower_threat_defense 6.4.0.13
cisco firepower_threat_defense 6.4.0.14
cisco firepower_threat_defense 7.2.1
cisco firepower_threat_defense 7.2.2
cisco firepower_threat_defense 7.2.3
cisco firepower_threat_defense 7.3.1.1
cisco firepower_threat_defense 7.3.1
cisco firepower_threat_defense 7.3.0
cisco firepower_threat_defense 7.2.5
cisco firepower_threat_defense 7.2.4.1
cisco firepower_threat_defense 7.2.4
cisco firepower_threat_defense 7.1.0.3
cisco firepower_threat_defense 7.0.6
cisco firepower_threat_defense 7.0.5
cisco firepower_threat_defense 6.4.0.16
cisco firepower_threat_defense 6.4.0.15
cisco firepower_threat_defense 6.4.0.17
cisco firepower_threat_defense 7.0.6.1
cisco firepower_threat_defense 7.2.5.1
cisco firepower_threat_defense 7.4.0
cisco firepower_threat_defense 7.4.1
cisco firepower_threat_defense 7.4.1.1
cisco firepower_threat_defense 7.2.5.2
cisco firepower_threat_defense 7.3.1.2
cisco firepower_threat_defense 7.2.6
cisco firepower_threat_defense 7.2.7
cisco firepower_threat_defense 6.4.0.18
cisco firepower_threat_defense 7.0.6.2
cisco firepower_threat_defense 7.2.8
cisco firepower_threat_defense 7.2.8.1
cisco firepower_threat_defense 7.4.2
cisco firepower_threat_defense 7.0.6.3
cisco firepower_threat_defense 7.4.2.1
cisco firepower_threat_defense 7.6.0
cisco firepower_threat_defense 7.7.0
cisco firepower_threat_defense 7.0.7
cisco firepower_threat_defense 7.0.8
cisco firepower_threat_defense 7.0.8.1
cisco firepower_threat_defense 7.2.10
cisco firepower_threat_defense 7.2.10.2
cisco firepower_threat_defense 7.2.9
cisco firepower_threat_defense 7.4.2.2
cisco firepower_threat_defense 7.4.2.3
cisco firepower_threat_defense 7.4.2.4
cisco firepower_threat_defense 7.6.1
cisco firepower_threat_defense 7.6.2
cisco firepower_threat_defense 7.6.2.1
cisco firepower_threat_defense 7.7.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the OSPF protocol implementation of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. It is caused by insufficient input validation when processing OSPF update packets.

An unauthenticated, adjacent attacker can exploit this by sending specially crafted OSPF update packets, which can trigger a buffer overflow.

If OSPF authentication is enabled, the attacker must know the secret key to exploit the vulnerability.

A successful exploit causes the affected device to reload unexpectedly, resulting in a denial-of-service (DoS) condition.

Impact Analysis

This vulnerability can cause affected Cisco firewall devices to reload unexpectedly, leading to a denial-of-service (DoS) condition.

Such a DoS condition can disrupt network operations, potentially causing downtime and loss of connectivity for users relying on these devices.

If an attacker exploits this vulnerability, it could impact the availability of network security infrastructure.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that OSPF authentication is enabled to require a secret key, which an attacker must know to exploit the issue.

Additionally, monitor for any unexpected device reloads that could indicate exploitation attempts.

Applying any available patches or updates from Cisco for Secure Firewall ASA Software and Secure FTD Software is recommended once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20020. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart