CVE-2026-20103
Received Received - Intake
Memory Exhaustion DoS in Cisco ASA SSL VPN via Unvalidated Input

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-05-27
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-25
NVD
CVE-2026-20103
EUVD
EUVD-2026-9441
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.12.1 (inc) to 9.16.4.85 (exc)
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.66 (exc)
cisco adaptive_security_appliance_software From 9.19.1 (inc) to 9.20.4 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.4 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.7 (exc)
cisco firepower_threat_defense_software From 6.4.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.11 (exc)
cisco firepower_threat_defense_software From 7.3.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 7.6.4 (exc)
cisco firepower_threat_defense_software From 7.7.0 (inc) to 7.7.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software.

It allows an unauthenticated, remote attacker to send specially crafted packets to the Remote Access SSL VPN server, which causes the device to trust user input without proper validation.

As a result, the attacker can exhaust the device's memory, leading to a denial of service (DoS) condition where new Remote Access SSL VPN connections are blocked and the device's web interface may stop responding temporarily.


How can this vulnerability impact me? :

The primary impact of this vulnerability is a denial of service (DoS) condition on the affected Cisco devices.

An attacker can remotely exhaust the device memory, preventing new Remote Access SSL VPN connections from being established.

Although the management interface is not directly affected, it may become temporarily unresponsive during the attack.

This disruption can impact network availability and remote access capabilities, potentially affecting business operations that rely on these VPN connections.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart