CVE-2026-20049
Memory Allocation Vulnerability in Cisco ASA/FTD Causes DoS
Publication date: 2026-03-04
Last updated on: 2026-04-16
Assigner: Cisco Systems, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | adaptive_security_appliance_software | From 9.22.1.1 (inc) to 9.22.2.4 (exc) |
| cisco | adaptive_security_appliance_software | From 9.18.1 (inc) to 9.18.4.66 (exc) |
| cisco | adaptive_security_appliance_software | From 9.19.1 (inc) to 9.20.3.20 (exc) |
| cisco | adaptive_security_appliance_software | From 9.23.1 (inc) to 9.23.1.3 (exc) |
| cisco | firepower_threat_defense_software | From 7.3.0 (inc) to 7.4.3 (exc) |
| cisco | firepower_threat_defense_software | From 7.6.0 (inc) to 7.6.4 (exc) |
| cisco | firepower_threat_defense_software | From 7.2.0 (inc) to 7.2.11 (exc) |
| cisco | firepower_threat_defense_software | From 7.7.0 (inc) to 7.7.10 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-131 | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability.
Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.
Before upgrading, verify device memory and configuration compatibility.
If assistance is needed, contact Cisco Technical Assistance Center (TAC).
Can you explain this vulnerability to me?
This vulnerability affects Cisco Secure Firewall ASA and FTD Software in the way they process Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic.
It is caused by the allocation of an insufficiently sized memory block when handling this specific encrypted traffic.
An authenticated remote attacker with valid VPN credentials can exploit this by sending specially crafted GCM-encrypted IPsec traffic, which causes the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
How can this vulnerability impact me?
If exploited, this vulnerability can cause an unexpected reload of the affected Cisco firewall device.
This leads to a denial of service (DoS) condition, making the device temporarily unavailable and potentially disrupting network security and connectivity.
Since the attacker must have valid VPN credentials, the risk is limited to authenticated users, but the impact on network availability can be significant.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To verify whether a device is exposed to CVE-2026-20049, administrators can check two things: that the running release falls in one of the affected ranges listed above, and that the device is configured to use a GCM encryption mode for IKEv2 IPsec.
- Run the CLI command: `show running-config crypto ipsec | include gcm`
Any output from this command indicates the use of a GCM cipher (aes-gcm, aes-gcm-192, or aes-gcm-256) and potential exposure to the vulnerability.
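The following added Python helper (not part of the original page or of any Cisco tooling) encodes the affected-version table above, with its inclusive lower and exclusive upper bounds, and scans a captured `show running-config crypto ipsec` excerpt for IKEv2 proposals that select a GCM cipher. It assumes the ASA `show version` form `9.18(4)65` or the dotted form for release strings; the sample configuration is constructed for illustration.

```python
import re

# Affected ranges published on this page: (from_inclusive, to_exclusive).
AFFECTED = {
    "asa": [("9.22.1.1", "9.22.2.4"), ("9.18.1", "9.18.4.66"),
            ("9.19.1", "9.20.3.20"), ("9.23.1", "9.23.1.3")],
    "ftd": [("7.3.0", "7.4.3"), ("7.6.0", "7.6.4"),
            ("7.2.0", "7.2.11"), ("7.7.0", "7.7.10")],
}

def parse_version(v):
    """Normalise '9.18(4)65' (as 'show version' prints ASA releases) or
    '9.18.4.65' into an int tuple; tuples order lexicographically, so
    9.18.4 sorts below 9.18.4.66, matching the table's semantics."""
    return tuple(int(p) for p in re.split(r"[.()]+", v.strip()) if p)

def in_range(version, lo, hi):
    """True when lo <= version < hi (lower inclusive, upper exclusive)."""
    return parse_version(lo) <= parse_version(version) < parse_version(hi)

def is_affected(product, version):
    """product is 'asa' or 'ftd'; version is the running release string."""
    return any(in_range(version, lo, hi) for lo, hi in AFFECTED[product])

# GCM ciphers named on this page: aes-gcm, aes-gcm-192, aes-gcm-256.
GCM_RE = re.compile(r"\baes-gcm(?:-192|-256)?\b", re.IGNORECASE)

def gcm_proposals(crypto_config):
    """Return IKEv2 IPsec proposal names in a 'show running-config crypto
    ipsec' capture that select a GCM cipher (the exposure condition)."""
    found, current = set(), None
    for line in crypto_config.splitlines():
        m = re.match(r"crypto ipsec ikev2 ipsec-proposal (\S+)", line.strip())
        if m:
            current = m.group(1)
        elif current and GCM_RE.search(line):
            found.add(current)
    return sorted(found)

# Constructed sample capture (not from a real device) for a stand-alone run.
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal AES256-SHA
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ipsec ikev2 ipsec-proposal GCM256
 protocol esp encryption aes-gcm-256
 protocol esp integrity null
"""

if __name__ == "__main__":
    print("ASA 9.18(4)65 affected:", is_affected("asa", "9.18(4)65"))
    print("GCM proposals:", gcm_proposals(SAMPLE_CONFIG))
```

A device is exposed only when both checks are positive: an affected release and at least one proposal returned by `gcm_proposals`.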