CVE-2026-20022

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-04 19:16

Updated : 2026-03-05 19:39

NVD link : CVE-2026-20022

Mitre link : CVE-2026-20022

CVE.ORG link : CVE-2026-20022

JSON object : View

Products Affected

No product.

CWE

CWE-823

Use of Out-of-range Pointer Offset

{"id": "CVE-2026-20022", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.6}]}, "published": "2026-03-04T19:16:12.640", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW", "source": "psirt@cisco.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-823"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon.\r\n\r This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el protocolo OSPF de Cisco Secure Cortafuegos ASA Software y Cisco Secure FTD Software podr\u00eda permitir a un atacante no autenticado y adyacente causar que un dispositivo afectado se recargue inesperadamente, resultando en una condici\u00f3n de DoS cuando la depuraci\u00f3n de canonicalizaci\u00f3n OSPF est\u00e1 habilitada usando el comando debug ip ospf canon. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente al procesar paquetes OSPF LSU. Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes OSPF no autenticados y manipulados. Un exploit exitoso podr\u00eda permitir al atacante escribir en la memoria fuera de los datos del paquete, causando que el dispositivo se recargue, resultando en una condici\u00f3n de DoS."}], "lastModified": "2026-03-05T19:39:11.967", "sourceIdentifier": "psirt@cisco.com"}