Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.8
Cisco Firewalls: Unauthenticated Attack Can Crash the Device
CVE-2026-20015
Summary
Attackers can crash Cisco firewalls by sending special packets, which can disrupt network services. This can happen without a password or login, and the only fix is to manually restart the device. Users should check for updates and apply any available patches to prevent this from happening.
Original title
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected devi...
Original description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network.
This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
nvd CVSS3.1
5.8
Vulnerability type
CWE-401
Memory Leak
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026