Cyber Resilience

CVE-2026-20105

High

Published: 04 March 2026

Published
04 March 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v3.1 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0009 26.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20105 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-20105 is a memory exhaustion vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. The issue arises from the software trusting user input without proper validation, which could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory. This vulnerability does not affect the management or MUS interfaces and is rated with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), associated with CWE-401 (Memory Buffer of Resource Management Errors).

An attacker must possess a valid, authenticated Remote Access SSL VPN connection to exploit this vulnerability. By sending crafted packets to the VPN server, the attacker can trigger memory exhaustion on the device, leading to a reload and a denial-of-service (DoS) condition that disrupts VPN services.

Cisco has published a security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC providing details on the vulnerability, affected versions, and recommended mitigation steps, including software updates.

EU & UK References

Vulnerability details

A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory…

more

resulting in a denial of service (DoS) condition.This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Memory exhaustion via crafted packets over authenticated SSL VPN directly enables application/system exploitation to trigger device reload and DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20014Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20049Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20101Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20103Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20039Same product: Cisco Adaptive Security Appliance Software
CVE-2026-20100Same product: Cisco Adaptive Security Appliance Software
CVE-2025-20115Same vendor: Cisco
CVE-2025-20175Same vendor: Cisco
CVE-2025-20171Same vendor: Cisco
CVE-2025-20343Same vendor: Cisco

Affected Assets

cisco
adaptive security appliance software
9.12.1 — 9.16.4.85 · 9.17.1 — 9.18.4.66 · 9.19.1 — 9.20.4
cisco
firepower threat defense software
6.4.0 — 7.0.9 · 7.1.0 — 7.2.11 · 7.3.0 — 7.4.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the root cause by requiring validation of user-supplied inputs to prevent crafted packets from exhausting device memory in the SSL VPN functionality.

preventdetect

Provides denial-of-service protections tailored to block memory exhaustion attacks from authenticated remote VPN connections using crafted packets.

prevent

Ensures availability of critical resources like memory against exhaustion by limiting allocation and usage during remote SSL VPN sessions.

References