CVE-2026-20014
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Description
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.
Analysis
Memory exhaustion in Cisco Secure Firewall ASA and FTD IKEv2 implementations allows authenticated remote attackers with valid VPN credentials to trigger device reloads by sending crafted packets, disrupting firewall availability and downstream network services. The vulnerability stems from improper IKEv2 packet processing that fails to constrain memory allocation. …
Remediation
Within 24 hours: Inventory all affected Cisco ASA and FTD devices and document current VPN user access patterns. Within 7 days: Implement network segmentation to restrict IKEv2 traffic to trusted sources only and enable enhanced monitoring for anomalous VPN authentication attempts. …