CVE-2026-20103
Published: 04 March 2026
Summary
CVE-2026-20103 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the vulnerability's root cause by requiring validation of user inputs, such as crafted packets to the SSL VPN server, to prevent memory exhaustion.
Provides comprehensive denial-of-service protection by monitoring traffic patterns and system resources to block or mitigate memory exhaustion attacks on SSL VPN connections.
Ensures resource availability by monitoring for and limiting memory usage, directly countering the exhaustion caused by unvalidated inputs in the Remote Access SSL VPN.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote exploitation of public-facing SSL VPN interface (T1190) directly leads to resource exhaustion DoS via crafted packets (T1499.004).
NVD Description
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of…
more
service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition.
Deeper analysisAI
CVE-2026-20103 is a vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. It stems from trusting user input without validation, allowing an unauthenticated, remote attacker to exhaust device memory. This results in a denial-of-service (DoS) condition specifically affecting new Remote Access SSL VPN connections, while the management interface remains unaffected but may become temporarily unresponsive. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-770 (Allocation of Resources Without Limits or Throttling).
An unauthenticated, remote attacker can exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit causes the device web interface to stop responding, leading to a DoS condition that prevents new SSL VPN connections.
The Cisco Security Advisory provides details on mitigation and available patches at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC.
Details
- CWE(s)