CVE-2026-20013

CVE Database · CVE-2026-20013

CVE-2026-20013

· MEDIUMAnalyzed

CVSS v3.1

5.8

EPSS

0.30%

Published

Mar 4, 2026

Modified

Apr 16, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to memory exhaustion caused by not freeing memory during IKEv2 packet processing. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to manually reload.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Weaknesses (CWE)

CWE-401

Affected Products (8)

cisco · adaptive_security_appliance_software (up to 9.18.4.66)vulnerable

cisco · adaptive_security_appliance_software (up to 9.20.3.20)vulnerable

cisco · adaptive_security_appliance_software (up to 9.22.2.4)vulnerable

cisco · adaptive_security_appliance_software (up to 9.23.1.3)vulnerable

cisco · firepower_threat_defense_software (up to 7.2.11)vulnerable

cisco · firepower_threat_defense_software (up to 7.4.3)vulnerable

cisco · firepower_threat_defense_software (up to 7.6.4)vulnerable

cisco · firepower_threat_defense_software (up to 7.7.10)

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs