CVE-2026-20022
Received
Received - Intake
OSPF Packet Processing Buffer Overflow in Cisco ASA/FTD Causes DoS
Publication date: 2026-03-04
Last updated on: 2026-05-04
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.
This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | adaptive_security_appliance_software | 9.16.3.23 |
| cisco | adaptive_security_appliance_software | 9.16.3.19 |
| cisco | adaptive_security_appliance_software | 9.16.3.15 |
| cisco | adaptive_security_appliance_software | 9.12.4.58 |
| cisco | adaptive_security_appliance_software | 9.12.4.56 |
| cisco | adaptive_security_appliance_software | 9.12.4.55 |
| cisco | adaptive_security_appliance_software | 9.12.4.54 |
| cisco | adaptive_security_appliance_software | 9.12.4.52 |
| cisco | adaptive_security_appliance_software | 9.12.4.50 |
| cisco | adaptive_security_appliance_software | 9.12.4.48 |
| cisco | adaptive_security_appliance_software | 9.12.4.47 |
| cisco | adaptive_security_appliance_software | 9.12.4.41 |
| cisco | adaptive_security_appliance_software | 9.12.4.40 |
| cisco | adaptive_security_appliance_software | 9.12.4.62 |
| cisco | adaptive_security_appliance_software | 9.12.4.65 |
| cisco | adaptive_security_appliance_software | 9.16.4.39 |
| cisco | adaptive_security_appliance_software | 9.16.4.42 |
| cisco | adaptive_security_appliance_software | 9.16.4.48 |
| cisco | adaptive_security_appliance_software | 9.16.4.55 |
| cisco | adaptive_security_appliance_software | 9.17.1.33 |
| cisco | adaptive_security_appliance_software | 9.18.3.56 |
| cisco | adaptive_security_appliance_software | 9.18.4 |
| cisco | adaptive_security_appliance_software | 9.18.4.5 |
| cisco | adaptive_security_appliance_software | 9.18.4.8 |
| cisco | adaptive_security_appliance_software | 9.19.1.22 |
| cisco | adaptive_security_appliance_software | 9.19.1.24 |
| cisco | adaptive_security_appliance_software | 9.19.1.27 |
| cisco | adaptive_security_appliance_software | 9.20.1 |
| cisco | adaptive_security_appliance_software | 9.20.1.5 |
| cisco | adaptive_security_appliance_software | 9.20.2 |
| cisco | adaptive_security_appliance_software | 9.20.2.21 |
| cisco | adaptive_security_appliance_software | 9.20.2.10 |
| cisco | adaptive_security_appliance_software | 9.19.1.31 |
| cisco | adaptive_security_appliance_software | 9.19.1.28 |
| cisco | adaptive_security_appliance_software | 9.18.4.24 |
| cisco | adaptive_security_appliance_software | 9.18.4.22 |
| cisco | adaptive_security_appliance_software | 9.17.1.39 |
| cisco | adaptive_security_appliance_software | 9.16.4.61 |
| cisco | adaptive_security_appliance_software | 9.16.4.57 |
| cisco | adaptive_security_appliance_software | 9.12.4.67 |
| cisco | adaptive_security_appliance_software | 9.20.3 |
| cisco | adaptive_security_appliance_software | 9.18.4.40 |
| cisco | adaptive_security_appliance_software | 9.16.4.70 |
| cisco | adaptive_security_appliance_software | 9.16.4.67 |
| cisco | adaptive_security_appliance_software | 9.20.2.22 |
| cisco | adaptive_security_appliance_software | 9.18.4.34 |
| cisco | adaptive_security_appliance_software | 9.18.4.29 |
| cisco | adaptive_security_appliance_software | 9.16.4.62 |
| cisco | adaptive_security_appliance_software | 9.20.3.4 |
| cisco | adaptive_security_appliance_software | 9.20.3.7 |
| cisco | adaptive_security_appliance_software | 9.22.1.1 |
| cisco | adaptive_security_appliance_software | 9.23.1 |
| cisco | adaptive_security_appliance_software | 9.16.4.71 |
| cisco | adaptive_security_appliance_software | 9.16.4.76 |
| cisco | adaptive_security_appliance_software | 9.16.4.82 |
| cisco | adaptive_security_appliance_software | 9.16.4.84 |
| cisco | adaptive_security_appliance_software | 9.16.4.85 |
| cisco | adaptive_security_appliance_software | 9.17.1.45 |
| cisco | adaptive_security_appliance_software | 9.17.1.46 |
| cisco | adaptive_security_appliance_software | 9.18.4.47 |
| cisco | adaptive_security_appliance_software | 9.18.4.50 |
| cisco | adaptive_security_appliance_software | 9.18.4.52 |
| cisco | adaptive_security_appliance_software | 9.18.4.53 |
| cisco | adaptive_security_appliance_software | 9.18.4.57 |
| cisco | adaptive_security_appliance_software | 9.18.4.66 |
| cisco | adaptive_security_appliance_software | 9.18.4.67 |
| cisco | adaptive_security_appliance_software | 9.18.4.68 |
| cisco | adaptive_security_appliance_software | 9.19.1.37 |
| cisco | adaptive_security_appliance_software | 9.19.1.38 |
| cisco | adaptive_security_appliance_software | 9.19.1.42 |
| cisco | adaptive_security_appliance_software | 9.20.3.10 |
| cisco | adaptive_security_appliance_software | 9.20.3.13 |
| cisco | adaptive_security_appliance_software | 9.20.3.16 |
| cisco | adaptive_security_appliance_software | 9.20.3.20 |
| cisco | adaptive_security_appliance_software | 9.20.3.9 |
| cisco | adaptive_security_appliance_software | 9.20.4 |
| cisco | adaptive_security_appliance_software | 9.20.4.10 |
| cisco | adaptive_security_appliance_software | 9.20.4.7 |
| cisco | adaptive_security_appliance_software | 9.22.1.2 |
| cisco | adaptive_security_appliance_software | 9.22.1.3 |
| cisco | adaptive_security_appliance_software | 9.22.1.6 |
| cisco | adaptive_security_appliance_software | 9.22.2 |
| cisco | adaptive_security_appliance_software | 9.22.2.13 |
| cisco | adaptive_security_appliance_software | 9.22.2.14 |
| cisco | adaptive_security_appliance_software | 9.22.2.4 |
| cisco | adaptive_security_appliance_software | 9.22.2.9 |
| cisco | adaptive_security_appliance_software | 9.23.1.13 |
| cisco | adaptive_security_appliance_software | 9.23.1.19 |
| cisco | adaptive_security_appliance_software | 9.23.1.3 |
| cisco | adaptive_security_appliance_software | 9.23.1.7 |
| cisco | adaptive_security_appliance_software | 9.20.4.14 |
| cisco | adaptive_security_appliance_software | 9.23.1.22 |
| cisco | firepower_threat_defense_software | 6.4.0 |
| cisco | firepower_threat_defense_software | 6.4.0.1 |
| cisco | firepower_threat_defense_software | 6.4.0.3 |
| cisco | firepower_threat_defense_software | 6.4.0.2 |
| cisco | firepower_threat_defense_software | 6.4.0.4 |
| cisco | firepower_threat_defense_software | 6.4.0.5 |
| cisco | firepower_threat_defense_software | 6.4.0.6 |
| cisco | firepower_threat_defense_software | 6.4.0.7 |
| cisco | firepower_threat_defense_software | 6.4.0.8 |
| cisco | firepower_threat_defense_software | 6.4.0.9 |
| cisco | firepower_threat_defense_software | 6.4.0.10 |
| cisco | firepower_threat_defense_software | 6.4.0.11 |
| cisco | firepower_threat_defense_software | 6.4.0.12 |
| cisco | firepower_threat_defense_software | 6.4.0.13 |
| cisco | firepower_threat_defense_software | 6.4.0.14 |
| cisco | firepower_threat_defense_software | 6.4.0.15 |
| cisco | firepower_threat_defense_software | 6.4.0.16 |
| cisco | firepower_threat_defense_software | 6.4.0.17 |
| cisco | firepower_threat_defense_software | 7.0.0 |
| cisco | firepower_threat_defense_software | 7.0.0.1 |
| cisco | firepower_threat_defense_software | 7.0.1 |
| cisco | firepower_threat_defense_software | 7.0.1.1 |
| cisco | firepower_threat_defense_software | 7.0.2 |
| cisco | firepower_threat_defense_software | 7.0.2.1 |
| cisco | firepower_threat_defense_software | 7.0.3 |
| cisco | firepower_threat_defense_software | 7.0.4 |
| cisco | firepower_threat_defense_software | 7.0.5 |
| cisco | firepower_threat_defense_software | 7.0.6 |
| cisco | firepower_threat_defense_software | 7.0.6.1 |
| cisco | firepower_threat_defense_software | 7.1.0 |
| cisco | firepower_threat_defense_software | 7.1.0.1 |
| cisco | firepower_threat_defense_software | 7.1.0.2 |
| cisco | firepower_threat_defense_software | 7.1.0.3 |
| cisco | firepower_threat_defense_software | 7.2.0 |
| cisco | firepower_threat_defense_software | 7.2.0.1 |
| cisco | firepower_threat_defense_software | 7.2.1 |
| cisco | firepower_threat_defense_software | 7.2.2 |
| cisco | firepower_threat_defense_software | 7.2.3 |
| cisco | firepower_threat_defense_software | 7.2.4 |
| cisco | firepower_threat_defense_software | 7.2.4.1 |
| cisco | firepower_threat_defense_software | 7.2.5 |
| cisco | firepower_threat_defense_software | 7.2.5.1 |
| cisco | firepower_threat_defense_software | 7.3.0 |
| cisco | firepower_threat_defense_software | 7.3.1 |
| cisco | firepower_threat_defense_software | 7.3.1.1 |
| cisco | firepower_threat_defense_software | 7.4.0 |
| cisco | firepower_threat_defense_software | 7.4.1 |
| cisco | firepower_threat_defense_software | 7.4.1.1 |
| cisco | firepower_threat_defense_software | 7.3.1.2 |
| cisco | firepower_threat_defense_software | 7.2.8.1 |
| cisco | firepower_threat_defense_software | 7.2.8 |
| cisco | firepower_threat_defense_software | 7.2.5.2 |
| cisco | firepower_threat_defense_software | 7.2.7 |
| cisco | firepower_threat_defense_software | 7.2.6 |
| cisco | firepower_threat_defense_software | 7.0.6.2 |
| cisco | firepower_threat_defense_software | 6.4.0.18 |
| cisco | firepower_threat_defense_software | 7.4.2 |
| cisco | firepower_threat_defense_software | 7.0.6.3 |
| cisco | firepower_threat_defense_software | 7.0.7 |
| cisco | firepower_threat_defense_software | 7.0.8 |
| cisco | firepower_threat_defense_software | 7.0.8.1 |
| cisco | firepower_threat_defense_software | 7.2.9 |
| cisco | firepower_threat_defense_software | 7.4.2.1 |
| cisco | firepower_threat_defense_software | 7.4.2.2 |
| cisco | firepower_threat_defense_software | 7.4.2.3 |
| cisco | firepower_threat_defense_software | 7.4.2.4 |
| cisco | firepower_threat_defense_software | 7.6.0 |
| cisco | firepower_threat_defense_software | 7.7.0 |
| cisco | firepower_threat_defense_software | 7.2.10 |
| cisco | firepower_threat_defense_software | 7.2.10.2 |
| cisco | firepower_threat_defense_software | 7.6.1 |
| cisco | firepower_threat_defense_software | 7.6.2 |
| cisco | firepower_threat_defense_software | 7.6.2.1 |
| cisco | firepower_threat_defense_software | 7.7.10 |
| cisco | firepower_threat_defense_software | 7.7.10.1 |
| cisco | firepower_threat_defense_software | 7.4.3 |
| cisco | adaptive_security_appliance_software | 9.16.1 |
| cisco | adaptive_security_appliance_software | 9.12.2 |
| cisco | adaptive_security_appliance_software | 9.12.2.5 |
| cisco | adaptive_security_appliance_software | 9.12.4.4 |
| cisco | adaptive_security_appliance_software | 9.12.3.2 |
| cisco | adaptive_security_appliance_software | 9.12.3.7 |
| cisco | adaptive_security_appliance_software | 9.12.4 |
| cisco | adaptive_security_appliance_software | 9.12.3.12 |
| cisco | adaptive_security_appliance_software | 9.12.4.37 |
| cisco | adaptive_security_appliance_software | 9.12.4.38 |
| cisco | adaptive_security_appliance_software | 9.12.4.39 |
| cisco | adaptive_security_appliance_software | 9.17.1 |
| cisco | adaptive_security_appliance_software | 9.12.3 |
| cisco | adaptive_security_appliance_software | 9.12.3.9 |
| cisco | adaptive_security_appliance_software | 9.12.4.26 |
| cisco | adaptive_security_appliance_software | 9.12.4.30 |
| cisco | adaptive_security_appliance_software | 9.16.1.28 |
| cisco | adaptive_security_appliance_software | 9.17.1.7 |
| cisco | adaptive_security_appliance_software | 9.16.3.14 |
| cisco | adaptive_security_appliance_software | 9.16.4 |
| cisco | adaptive_security_appliance_software | 9.18.2.5 |
| cisco | adaptive_security_appliance_software | 9.17.1.10 |
| cisco | adaptive_security_appliance_software | 9.17.1.13 |
| cisco | adaptive_security_appliance_software | 9.18.1 |
| cisco | adaptive_security_appliance_software | 9.18.1.3 |
| cisco | adaptive_security_appliance_software | 9.12.1 |
| cisco | adaptive_security_appliance_software | 9.12.1.2 |
| cisco | adaptive_security_appliance_software | 9.12.1.3 |
| cisco | adaptive_security_appliance_software | 9.12.4.10 |
| cisco | adaptive_security_appliance_software | 9.12.4.13 |
| cisco | adaptive_security_appliance_software | 9.12.4.8 |
| cisco | adaptive_security_appliance_software | 9.12.4.18 |
| cisco | adaptive_security_appliance_software | 9.16.2.3 |
| cisco | adaptive_security_appliance_software | 9.16.2.7 |
| cisco | adaptive_security_appliance_software | 9.16.2.11 |
| cisco | adaptive_security_appliance_software | 9.16.2.13 |
| cisco | adaptive_security_appliance_software | 9.16.2.14 |
| cisco | adaptive_security_appliance_software | 9.17.1.11 |
| cisco | adaptive_security_appliance_software | 9.17.1.15 |
| cisco | adaptive_security_appliance_software | 9.12.4.2 |
| cisco | adaptive_security_appliance_software | 9.17.1.9 |
| cisco | adaptive_security_appliance_software | 9.12.2.4 |
| cisco | adaptive_security_appliance_software | 9.12.2.9 |
| cisco | adaptive_security_appliance_software | 9.12.2.1 |
| cisco | adaptive_security_appliance_software | 9.12.4.7 |
| cisco | adaptive_security_appliance_software | 9.12.4.24 |
| cisco | adaptive_security_appliance_software | 9.12.4.29 |
| cisco | adaptive_security_appliance_software | 9.12.4.35 |
| cisco | adaptive_security_appliance_software | 9.16.2 |
| cisco | adaptive_security_appliance_software | 9.16.3.3 |
| cisco | adaptive_security_appliance_software | 9.16.3 |
| cisco | adaptive_security_appliance_software | 9.18.2 |
| cisco | adaptive_security_appliance_software | 9.19.1.9 |
| cisco | adaptive_security_appliance_software | 9.19.1.5 |
| cisco | adaptive_security_appliance_software | 9.19.1.18 |
| cisco | adaptive_security_appliance_software | 9.19.1.12 |
| cisco | adaptive_security_appliance_software | 9.19.1 |
| cisco | adaptive_security_appliance_software | 9.18.3.55 |
| cisco | adaptive_security_appliance_software | 9.18.3.53 |
| cisco | adaptive_security_appliance_software | 9.18.3.46 |
| cisco | adaptive_security_appliance_software | 9.18.3.39 |
| cisco | adaptive_security_appliance_software | 9.18.3 |
| cisco | adaptive_security_appliance_software | 9.18.2.8 |
| cisco | adaptive_security_appliance_software | 9.18.2.7 |
| cisco | adaptive_security_appliance_software | 9.17.1.30 |
| cisco | adaptive_security_appliance_software | 9.17.1.20 |
| cisco | adaptive_security_appliance_software | 9.16.4.9 |
| cisco | adaptive_security_appliance_software | 9.16.4.38 |
| cisco | adaptive_security_appliance_software | 9.16.4.27 |
| cisco | adaptive_security_appliance_software | 9.16.4.19 |
| cisco | adaptive_security_appliance_software | 9.16.4.14 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the OSPF protocol implementation of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. It occurs due to insufficient input validation when processing OSPF Link State Update (LSU) packets.
An unauthenticated, adjacent attacker can exploit this by sending specially crafted OSPF packets when the OSPF canonicalization debug feature is enabled using the command debug ip ospf canon.
Successful exploitation allows the attacker to write to memory outside the intended packet data, causing the affected device to reload unexpectedly and resulting in a denial-of-service (DoS) condition.
How can this vulnerability impact me? :
This vulnerability can cause affected Cisco firewall devices to reload unexpectedly, leading to a denial-of-service (DoS) condition.
Such unexpected reloads can disrupt network security operations, potentially causing downtime and loss of network protection.
Because the attack requires adjacency and the debug feature to be enabled, the risk is somewhat limited but still significant in environments where these conditions are met.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when OSPF canonicalization debug is enabled using the command debug ip ospf canon. Detection involves checking if this debug command is active on the affected Cisco Secure Firewall ASA or Cisco Secure FTD devices.
To detect if the vulnerability might be exploited or if the device is vulnerable, verify whether the debug ip ospf canon command is enabled and monitor for unexpected device reloads or crashes.
Suggested command to check if the debug is enabled: show debugging
If debug ip ospf canon is listed as enabled, the device is at risk if exposed to crafted unauthenticated OSPF packets.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to disable the OSPF canonicalization debug feature by turning off the debug ip ospf canon command on affected devices.
Additionally, restrict access to the device to prevent unauthenticated adjacent attackers from sending crafted OSPF packets.
Monitoring and limiting OSPF traffic from untrusted sources can also reduce the risk of exploitation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70