Cyber Resilience

CVE-2026-20103

HighDDoS

Published: 04 March 2026

Published
04 March 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0035 26.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-20103 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-20103 is a vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. It stems from trusting user input without validation, allowing an unauthenticated, remote attacker to exhaust device memory. This results in a denial-of-service (DoS) condition specifically affecting new Remote Access SSL VPN connections, while the management interface remains unaffected but may become temporarily unresponsive. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-770 (Allocation of Resources Without Limits or Throttling).

An unauthenticated, remote attacker can exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit causes the device web interface to stop responding, leading to a DoS condition that prevents new SSL VPN connections.

The Cisco Security Advisory provides details on mitigation and available patches at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC.

EU & UK References

Vulnerability details

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of…

more

service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated remote exploitation of public-facing SSL VPN interface (T1190) directly leads to resource exhaustion DoS via crafted packets (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20039Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20014Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20105Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20049Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20101Same product: Cisco Adaptive Security Appliance Software
CVE-2025-20141Same vendor: Cisco
CVE-2025-20209Same vendor: Cisco
CVE-2026-20100Same product: Cisco Adaptive Security Appliance Software
CVE-2025-20142Same vendor: Cisco
CVE-2025-20333Same product: Cisco Adaptive Security Appliance Software

Affected Assets

cisco
adaptive security appliance software
9.12.1 — 9.16.4.85 · 9.17.1 — 9.18.4.66 · 9.19.1 — 9.20.4
cisco
firepower threat defense software
6.4.0 — 7.0.9 · 7.1.0 — 7.2.11 · 7.3.0 — 7.4.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the vulnerability's root cause by requiring validation of user inputs, such as crafted packets to the SSL VPN server, to prevent memory exhaustion.

preventdetect

Provides comprehensive denial-of-service protection by monitoring traffic patterns and system resources to block or mitigate memory exhaustion attacks on SSL VPN connections.

preventdetect

Ensures resource availability by monitoring for and limiting memory usage, directly countering the exhaustion caused by unvalidated inputs in the Remote Access SSL VPN.

References