CVE-2026-20039
Received Received - Intake
Memory Management DoS in Cisco ASA and FTD VPN Web Server

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-05-07
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20039
EUVD
EUVD-2026-9434
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.57 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.4 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.3 (exc)
cisco adaptive_security_appliance_software From 9.12.1 (inc) to 9.16.4.84 (exc)
cisco adaptive_security_appliance_software From 9.19.1 (inc) to 9.20.3.16 (exc)
cisco firepower_threat_defense_software From 6.4.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.3.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.7.0 (inc) to 7.7.10 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.10 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 7.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-244 Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.

It is caused by ineffective memory management in the VPN web server, which can be exploited by an unauthenticated, remote attacker.

The attacker can send a large number of specially crafted HTTP requests to the affected device, which may cause the device to reload unexpectedly.

This results in a denial of service (DoS) condition, making the device temporarily unavailable.


How can this vulnerability impact me? :

The primary impact of this vulnerability is a denial of service (DoS) condition on the affected device.

An attacker exploiting this vulnerability can cause the device to reload, disrupting normal operations and potentially causing network downtime.

This can affect availability of VPN services and network security functions provided by the Cisco Secure Firewall devices.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart