Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.7
Cisco ASA and FTD Software Remote Access VPN Can Be Crashed by Malicious Input
CVE-2026-20105
Summary
A bug in the remote access VPN feature of Cisco's ASA and FTD software can allow an attacker to send malicious data to the VPN server, causing it to crash and become unresponsive. This can happen to any device with the vulnerable software, and it's essential to update the software as soon as possible to prevent downtime and security risks. Cisco has released a fix to address this issue, so it's crucial to apply the update to keep your system secure.
Original title
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authe...
Original description
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory resulting in a denial of service (DoS) condition.This does not affect the management or MUS interfaces.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
nvd CVSS3.1
7.7
Vulnerability type
CWE-401
Memory Leak
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026