CVE-2026-20021

A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-04 19:16

Updated : 2026-03-05 19:39

NVD link : CVE-2026-20021

Mitre link : CVE-2026-20021

CVE.ORG link : CVE-2026-20021

JSON object : View

Products Affected

No product.

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2026-20021", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-04T19:16:12.150", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW", "source": "psirt@cisco.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el protocolo OSPF del software Cisco Secure Firewall Adaptive Security Appliance (ASA) y del software Cisco Secure Firewall Threat Defense (FTD) podr\u00eda permitir a un atacante autenticado y adyacente agotar la memoria en un dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\nEsta vulnerabilidad se debe a la validaci\u00f3n incorrecta de la entrada por parte del protocolo OSPF al analizar paquetes. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes OSPF manipulados a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante agotar la memoria en el dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n de DoS."}], "lastModified": "2026-03-05T19:39:11.967", "sourceIdentifier": "psirt@cisco.com"}