Filtered by vendor Cisco
Subscriptions
Filtered by product Firepower Threat Defense Software
Subscriptions
Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20024 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-05-04 | 6.8 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to heap corruption in OSPF when parsing packets. An attacker could exploit this vulnerability by sending crafted packets to the OSPF service. A successful exploit could allow the attacker to corrupt the heap, causing the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2026-20023 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-05-04 | 6.1 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to memory corruption when parsing OSPF protocol packets. An attacker could exploit this vulnerability by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to cause memory corruption causing the affected device to reboot, resulting in a DoS condition. | ||||
| CVE-2026-20064 | 1 Cisco | 2 Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-28 | 6.5 Medium |
| A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2026-20021 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-18 | 4.3 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. | ||||
| CVE-2026-20014 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-17 | 7.7 High |
| A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload. | ||||
| CVE-2026-20049 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-17 | 7.7 High |
| A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device. | ||||
| CVE-2026-20101 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 8.6 High |
| A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2026-20102 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 6.1 Medium |
| A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device. | ||||
| CVE-2026-20103 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 8.6 High |
| A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This does not affect the management interface, though it may become temporarily unresponsive. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device web interface to stop responding, resulting in a DoS condition. | ||||
| CVE-2026-20105 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 7.7 High |
| A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory resulting in a denial of service (DoS) condition.This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2026-20106 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 5.3 Medium |
| A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. | ||||
| CVE-2026-20008 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 6 Medium |
| A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root. This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials. | ||||
| CVE-2026-20013 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 5.8 Medium |
| A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to memory exhaustion caused by not freeing memory during IKEv2 packet processing. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to manually reload. | ||||
| CVE-2026-20015 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 5.8 Medium |
| A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network. This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded. | ||||
| CVE-2026-20039 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 8.6 High |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2026-20050 | 1 Cisco | 2 Firepower Threat Defense Software, Secure Firewall Threat Defense | 2026-04-16 | 6.8 Medium |
| A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management during the inspection of TLS 1.2 encrypted traffic. An attacker could exploit this vulnerability by sending crafted TLS 1.2 encrypted traffic through an affected device. A successful exploit could allow the attacker to cause a reload of an affected device. Note: This vulnerability only affects traffic that is encrypted by TLS 1.2. Other versions of TLS are not affected. | ||||
| CVE-2025-20219 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2026-04-15 | 5.3 Medium |
| A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device. | ||||
| CVE-2025-20268 | 1 Cisco | 1 Firepower Threat Defense Software | 2026-04-15 | 5.8 Medium |
| A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists because the URL string is not fully parsed. An attacker could exploit this vulnerability by sending a crafted HTTP connection through the targeted device. A successful exploit could allow the attacker to bypass configured policies and gain access to a network where the connection should have been denied. | ||||
| CVE-2025-20239 | 1 Cisco | 5 Adaptive Security Appliance Software, Firepower Threat Defense Software, Ios and 2 more | 2026-04-15 | 8.6 High |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20263 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2026-04-15 | 8.6 High |
| A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition. | ||||