CVE-2026-20073

MEDIUM

Cisco Adaptive Security Appliance Software - Unauthenticated Access Control Bypass via Memory Exhaustion

Title source: llm

Description

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-aclbypass-dos-CVxVRSvQ

Scores

CVSS v3 5.8

EPSS 0.0003

EPSS Percentile 7.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (50)

cisco/adaptive_security_appliance_software 9.12.1

cisco/adaptive_security_appliance_software 9.12.1.2

cisco/adaptive_security_appliance_software 9.12.1.3

cisco/adaptive_security_appliance_software 9.12.2

cisco/adaptive_security_appliance_software 9.12.2.1

cisco/adaptive_security_appliance_software 9.12.2.4

cisco/adaptive_security_appliance_software 9.12.2.5

cisco/adaptive_security_appliance_software 9.12.2.9

cisco/adaptive_security_appliance_software 9.12.3

cisco/adaptive_security_appliance_software 9.12.3.2

... and 40 more

Published Mar 04, 2026

Tracked Since Mar 05, 2026