CVE-2026-20014

CVE Database · CVE-2026-20014

CVE-2026-20014

· HIGHAnalyzed

CVSS v3.1

7.7

EPSS

0.29%

Published

Mar 4, 2026

Modified

Apr 16, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-401

Affected Products (10)

cisco · adaptive_security_appliance_software (up to 9.16.4.85)vulnerable

cisco · adaptive_security_appliance_software (up to 9.18.4.66)vulnerable

cisco · adaptive_security_appliance_software (up to 9.20.4)vulnerable

cisco · adaptive_security_appliance_software (up to 9.22.2.9)vulnerable

cisco · adaptive_security_appliance_software (up to 9.23.1.13)vulnerable

cisco · firepower_threat_defense_software (up to 7.0.9)vulnerable

cisco · firepower_threat_defense_software (up to 7.2.11)vulnerable

cisco · firepower_threat_defense_software (up to 7.4.3)

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs