{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20014", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.351Z", "datePublished": "2026-03-04T17:21:26.098Z", "dateUpdated": "2026-03-04T21:38:38.947Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:21:26.098Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.\r\n\r This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload."}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "versions": [{"version": "9.18.1", "status": "affected"}, {"version": "9.18.1.3", "status": "affected"}, {"version": "9.18.2", "status": "affected"}, {"version": "9.18.2.5", "status": "affected"}, {"version": "9.18.2.7", "status": "affected"}, {"version": "9.18.2.8", "status": "affected"}, {"version": "9.18.3", "status": "affected"}, {"version": "9.18.3.39", "status": "affected"}, {"version": "9.18.3.46", "status": "affected"}, {"version": "9.18.3.53", "status": "affected"}, {"version": "9.18.3.55", "status": "affected"}, {"version": "9.18.3.56", "status": "affected"}, {"version": "9.18.4", "status": "affected"}, {"version": "9.18.4.5", "status": "affected"}, {"version": "9.18.4.8", "status": "affected"}, {"version": "9.18.4.22", "status": "affected"}, {"version": "9.18.4.24", "status": "affected"}, {"version": "9.18.4.29", "status": "affected"}, {"version": "9.18.4.34", "status": "affected"}, {"version": "9.18.4.40", "status": "affected"}, {"version": "9.18.4.47", "status": "affected"}, {"version": "9.18.4.50", "status": "affected"}, {"version": "9.18.4.52", "status": "affected"}, {"version": "9.18.4.53", "status": "affected"}, {"version": "9.18.4.57", "status": "affected"}, {"version": "9.18.4.66", "status": "affected"}, {"version": "9.18.4.67", "status": "affected"}, {"version": "9.18.4.68", "status": "affected"}, {"version": "9.19.1", "status": "affected"}, {"version": "9.19.1.5", "status": "affected"}, {"version": "9.19.1.9", "status": "affected"}, {"version": "9.19.1.12", "status": "affected"}, {"version": "9.19.1.18", "status": "affected"}, {"version": "9.19.1.22", "status": "affected"}, {"version": "9.19.1.24", "status": "affected"}, {"version": "9.19.1.27", "status": "affected"}, {"version": "9.19.1.28", "status": "affected"}, {"version": "9.19.1.31", "status": "affected"}, {"version": "9.19.1.37", "status": "affected"}, {"version": "9.19.1.38", "status": "affected"}, {"version": "9.19.1.42", "status": "affected"}, {"version": "9.20.1", "status": "affected"}, {"version": "9.20.1.5", "status": "affected"}, {"version": "9.20.2", "status": "affected"}, {"version": "9.20.2.10", "status": "affected"}, {"version": "9.20.2.21", "status": "affected"}, {"version": "9.20.2.22", "status": "affected"}, {"version": "9.20.3", "status": "affected"}, {"version": "9.20.3.4", "status": "affected"}, {"version": "9.20.3.7", "status": "affected"}, {"version": "9.20.3.9", "status": "affected"}, {"version": "9.20.3.10", "status": "affected"}, {"version": "9.20.3.13", "status": "affected"}, {"version": "9.20.3.16", "status": "affected"}, {"version": "9.20.3.20", "status": "affected"}, {"version": "9.20.4", "status": "affected"}, {"version": "9.20.4.7", "status": "affected"}, {"version": "9.22.1.1", "status": "affected"}, {"version": "9.22.1.3", "status": "affected"}, {"version": "9.22.1.2", "status": "affected"}, {"version": "9.22.1.6", "status": "affected"}, {"version": "9.22.2", "status": "affected"}, {"version": "9.22.2.4", "status": "affected"}, {"version": "9.22.2.9", "status": "affected"}, {"version": "9.23.1", "status": "affected"}, {"version": "9.23.1.3", "status": "affected"}, {"version": "9.23.1.7", "status": "affected"}, {"version": "9.23.1.13", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Secure Firewall Threat Defense (FTD) Software", "versions": [{"version": "7.2.0", "status": "affected"}, {"version": "7.2.0.1", "status": "affected"}, {"version": "7.2.1", "status": "affected"}, {"version": "7.2.2", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.2.4", "status": "affected"}, {"version": "7.2.4.1", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "7.2.5.1", "status": "affected"}, {"version": "7.2.6", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.2.5.2", "status": "affected"}, {"version": "7.2.8", "status": "affected"}, {"version": "7.2.8.1", "status": "affected"}, {"version": "7.2.9", "status": "affected"}, {"version": "7.2.10", "status": "affected"}, {"version": "7.2.10.2", "status": "affected"}, {"version": "7.3.0", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.3.1.1", "status": "affected"}, {"version": "7.3.1.2", "status": "affected"}, {"version": "7.4.0", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.4.1.1", "status": "affected"}, {"version": "7.4.2", "status": "affected"}, {"version": "7.4.2.1", "status": "affected"}, {"version": "7.4.2.2", "status": "affected"}, {"version": "7.4.2.3", "status": "affected"}, {"version": "7.4.2.4", "status": "affected"}, {"version": "7.6.0", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.6.2.1", "status": "affected"}, {"version": "7.7.0", "status": "affected"}, {"version": "7.7.10", "status": "affected"}, {"version": "7.7.10.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Missing Release of Memory after Effective Lifetime", "type": "cwe", "cweId": "CWE-401"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG", "name": "cisco-sa-asaftd-ikev2-dos-eBueGdEG"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-asaftd-ikev2-dos-eBueGdEG", "discovery": "INTERNAL", "defects": ["CSCwq01516", "CSCwq50506"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T21:38:31.628005Z", "id": "CVE-2026-20014", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:38:38.947Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20014", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T21:38:31.628005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:38:35.796Z"}}], "cna": {"source": {"defects": ["CSCwq01516", "CSCwq50506"], "advisory": "cisco-sa-asaftd-ikev2-dos-eBueGdEG", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "versions": [{"status": "affected", "version": "9.18.1"}, {"status": "affected", "version": "9.18.1.3"}, {"status": "affected", "version": "9.18.2"}, {"status": "affected", "version": "9.18.2.5"}, {"status": "affected", "version": "9.18.2.7"}, {"status": "affected", "version": "9.18.2.8"}, {"status": "affected", "version": "9.18.3"}, {"status": "affected", "version": "9.18.3.39"}, {"status": "affected", "version": "9.18.3.46"}, {"status": "affected", "version": "9.18.3.53"}, {"status": "affected", "version": "9.18.3.55"}, {"status": "affected", "version": "9.18.3.56"}, {"status": "affected", "version": "9.18.4"}, {"status": "affected", "version": "9.18.4.5"}, {"status": "affected", "version": "9.18.4.8"}, {"status": "affected", "version": "9.18.4.22"}, {"status": "affected", "version": "9.18.4.24"}, {"status": "affected", "version": "9.18.4.29"}, {"status": "affected", "version": "9.18.4.34"}, {"status": "affected", "version": "9.18.4.40"}, {"status": "affected", "version": "9.18.4.47"}, {"status": "affected", "version": "9.18.4.50"}, {"status": "affected", "version": "9.18.4.52"}, {"status": "affected", "version": "9.18.4.53"}, {"status": "affected", "version": "9.18.4.57"}, {"status": "affected", "version": "9.18.4.66"}, {"status": "affected", "version": "9.18.4.67"}, {"status": "affected", "version": "9.18.4.68"}, {"status": "affected", "version": "9.19.1"}, {"status": "affected", "version": "9.19.1.5"}, {"status": "affected", "version": "9.19.1.9"}, {"status": "affected", "version": "9.19.1.12"}, {"status": "affected", "version": "9.19.1.18"}, {"status": "affected", "version": "9.19.1.22"}, {"status": "affected", "version": "9.19.1.24"}, {"status": "affected", "version": "9.19.1.27"}, {"status": "affected", "version": "9.19.1.28"}, {"status": "affected", "version": "9.19.1.31"}, {"status": "affected", "version": "9.19.1.37"}, {"status": "affected", "version": "9.19.1.38"}, {"status": "affected", "version": "9.19.1.42"}, {"status": "affected", "version": "9.20.1"}, {"status": "affected", "version": "9.20.1.5"}, {"status": "affected", "version": "9.20.2"}, {"status": "affected", "version": "9.20.2.10"}, {"status": "affected", "version": "9.20.2.21"}, {"status": "affected", "version": "9.20.2.22"}, {"status": "affected", "version": "9.20.3"}, {"status": "affected", "version": "9.20.3.4"}, {"status": "affected", "version": "9.20.3.7"}, {"status": "affected", "version": "9.20.3.9"}, {"status": "affected", "version": "9.20.3.10"}, {"status": "affected", "version": "9.20.3.13"}, {"status": "affected", "version": "9.20.3.16"}, {"status": "affected", "version": "9.20.3.20"}, {"status": "affected", "version": "9.20.4"}, {"status": "affected", "version": "9.20.4.7"}, {"status": "affected", "version": "9.22.1.1"}, {"status": "affected", "version": "9.22.1.3"}, {"status": "affected", "version": "9.22.1.2"}, {"status": "affected", "version": "9.22.1.6"}, {"status": "affected", "version": "9.22.2"}, {"status": "affected", "version": "9.22.2.4"}, {"status": "affected", "version": "9.22.2.9"}, {"status": "affected", "version": "9.23.1"}, {"status": "affected", "version": "9.23.1.3"}, {"status": "affected", "version": "9.23.1.7"}, {"status": "affected", "version": "9.23.1.13"}]}, {"vendor": "Cisco", "product": "Cisco Secure Firewall Threat Defense (FTD) Software", "versions": [{"status": "affected", "version": "7.2.0"}, {"status": "affected", "version": "7.2.0.1"}, {"status": "affected", "version": "7.2.1"}, {"status": "affected", "version": "7.2.2"}, {"status": "affected", "version": "7.2.3"}, {"status": "affected", "version": "7.2.4"}, {"status": "affected", "version": "7.2.4.1"}, {"status": "affected", "version": "7.2.5"}, {"status": "affected", "version": "7.2.5.1"}, {"status": "affected", "version": "7.2.6"}, {"status": "affected", "version": "7.2.7"}, {"status": "affected", "version": "7.2.5.2"}, {"status": "affected", "version": "7.2.8"}, {"status": "affected", "version": "7.2.8.1"}, {"status": "affected", "version": "7.2.9"}, {"status": "affected", "version": "7.2.10"}, {"status": "affected", "version": "7.2.10.2"}, {"status": "affected", "version": "7.3.0"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.3.1.1"}, {"status": "affected", "version": "7.3.1.2"}, {"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.4.1.1"}, {"status": "affected", "version": "7.4.2"}, {"status": "affected", "version": "7.4.2.1"}, {"status": "affected", "version": "7.4.2.2"}, {"status": "affected", "version": "7.4.2.3"}, {"status": "affected", "version": "7.4.2.4"}, {"status": "affected", "version": "7.6.0"}, {"status": "affected", "version": "7.6.1"}, {"status": "affected", "version": "7.6.2"}, {"status": "affected", "version": "7.6.2.1"}, {"status": "affected", "version": "7.7.0"}, {"status": "affected", "version": "7.7.10"}, {"status": "affected", "version": "7.7.10.1"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG", "name": "cisco-sa-asaftd-ikev2-dos-eBueGdEG"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.\r\n\r This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:21:26.098Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20014", "state": "PUBLISHED", "dateUpdated": "2026-03-04T21:38:38.947Z", "dateReserved": "2025-10-08T11:59:15.351Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-03-04T17:21:26.098Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "74292810-417D-42CC-9123-55166145E91D", "versionEndExcluding": "9.16.4.85", "versionStartIncluding": "9.12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EFC1809-7619-43ED-80FD-0FC28C876879", "versionEndExcluding": "9.18.4.66", "versionStartIncluding": "9.17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "4988A136-196A-448B-A416-992803647AB2", "versionEndExcluding": "9.20.4", "versionStartIncluding": "9.19.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "FED09C17-AE2F-41DB-AB9F-537E7D22CC22", "versionEndExcluding": "9.22.2.9", "versionStartIncluding": "9.22.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "852A0BF4-FF9A-47EE-8E3A-E31C545783F6", "versionEndExcluding": "9.23.1.13", "versionStartIncluding": "9.23.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "A02019B1-284B-4118-A544-9AA56216E741", "versionEndExcluding": "7.0.9", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DA98A98-A084-4DB0-B08F-33EB6C8607C0", "versionEndExcluding": "7.2.11", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "737DB8CE-EC0B-4221-A8BF-3E64702DE092", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "26A29A1A-8013-4CE1-8DE5-4C82778A1D96", "versionEndExcluding": "7.6.4", "versionStartIncluding": "7.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "A267F3D1-7449-4622-91AB-F9CA2DDDB61E", "versionEndExcluding": "7.7.11", "versionStartIncluding": "7.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.\r\n\r This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica IKEv2 de Cisco Secure Firewall ASA Software y Cisco Secure FTD Software podr\u00eda permitir a un atacante remoto autenticado con credenciales de usuario VPN v\u00e1lidas causar una condici\u00f3n de DoS en un dispositivo afectado que tambi\u00e9n podr\u00eda impactar la disponibilidad de los servicios a dispositivos en otras partes de la red. Esta vulnerabilidad se debe al procesamiento incorrecto de paquetes IKEv2. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes IKEv2 manipulados y autenticados a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante agotar la memoria, provocando que el dispositivo se recargue."}], "id": "CVE-2026-20014", "lastModified": "2026-04-16T20:11:34.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-04T18:16:15.557", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.18.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.18.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.2.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.2.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.2.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.18.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.3.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.3.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.3.53"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.3.55"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.3.56"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.18.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.29"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.34"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.40"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.47"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.50"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.52"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.53"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.57"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.66"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.67"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.68"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.19.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.27"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.31"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.37"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.38"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.19.1.42"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.20.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.1.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.20.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.2.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.2.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.2.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.20.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.3.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.20.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.4.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.22.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.1.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.1.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.22.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.2.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.2.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.23.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.23.1.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.23.1.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.23.1.13"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "source": "cna", "vendor": "Cisco"}, "product": "adaptive_security_appliance_software", "vendor": "cisco"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.4.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.5.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.2.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.10.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.3.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.3.1.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.4.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.4.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.2.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.2.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.4.2.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.6.2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.7.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.7.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.7.10.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Cisco Secure Firewall Threat Defense (FTD) Software", "source": "cna", "vendor": "Cisco"}, "product": "secure_firewall_threat_defense", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-17T13:07:26.217066+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch or update to the most recent trusted release promptly.", "Restrict network access to the IKEv2 endpoint and enforce strong authentication policies, ensuring that only authorized users can initiate VPN connections.", "If a patch is not yet available, consider temporarily disabling IKEv2 on the affected device or removing the VPN service from critical network paths.", "Deploy monitoring to detect abnormal memory usage or repeated reloads that may indicate an attempt to trigger this DoS."], "summary": {"action": "Apply Patch", "impact": "Denial of Service affecting device availability and downstream network services"}, "threat_synthesis": {"affected_systems": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are the impacted products. No specific version information is provided in the advisory; any current installation is potentially vulnerable.", "description_and_impact": "A remote authenticated attacker who holds valid VPN user credentials can send specially crafted IKEv2 packets to an affected Cisco Secure Firewall device. The device\u2019s improper handling of these packets causes memory exhaustion, forcing the system to reload. This denial of service disrupts not only the targeted firewall but can also impact the availability of services on other devices in the network. The underlying weakness is a memory leak, classified as CWE-401.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.7, indicating a high severity. EPSS indicates a low exploitation probability (<1%), and the issue is not listed in the CISA KEV catalog. The likely attack vector is an authenticated remote user leveraging VPN access; exploitation requires the attacker to have valid credentials but does not demand additional privileged access."}}}}, "created": "2026-03-05T09:06:29.387275+00:00", "title": "Authenticated Remote IKEv2 DoS Causing Device Reload", "updated": "2026-04-17T13:15:19.667968+00:00", "vendors": ["cisco", "cisco$PRODUCT$adaptive_security_appliance_software", "cisco$PRODUCT$secure_firewall_threat_defense"]}