anonhaven
Ad

CVE-2026-20039

HIGH CVSS 3.1: 8.6 EPSS 0.08%
Updated Apr 16, 2026
Cisco
Parameter Value
CVSS 8.6 (HIGH)
Affected Versions 6.4.0 — 9.23.1.3
Fixed In 9.16.4.84
Type CWE-244
Vendor Cisco
Public PoC No

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device.

A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-244

Vulnerable Products 10

Configuration From (including) Up to (excluding)
Cisco Adaptive_Security_Appliance_Software
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
 9.12.1 9.16.4.84
Cisco Adaptive_Security_Appliance_Software
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
 9.17.1 9.18.4.57
Cisco Adaptive_Security_Appliance_Software
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
 9.19.1 9.20.3.16
Cisco Adaptive_Security_Appliance_Software
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
 9.22.1.1 9.22.2.4
Cisco Adaptive_Security_Appliance_Software
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
 9.23.1 9.23.1.3
Cisco Firepower_Threat_Defense_Software
cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
 6.4.0 7.0.9
Cisco Firepower_Threat_Defense_Software
cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
 7.1.0 7.2.10
Cisco Firepower_Threat_Defense_Software
cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
 7.3.0 7.4.3
Cisco Firepower_Threat_Defense_Software
cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
 7.6.0 7.6.1
Cisco Firepower_Threat_Defense_Software
cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
 7.7.0 7.7.10

References 1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…
psirt@cisco.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-20021

Cisco

4.3

CVE-2026-20131

Cisco

10.0

CVE-2026-20106

Cisco

5.3

CVE-2026-20105

Cisco

7.7

CVE-2026-20103

Cisco

8.6