Cyber Posture

CVE-2026-20012

Severity: High

Published: 25 March 2026

Modified: 26 March 2026
KEV Added: (no date listed)
Patch: (none listed)
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0014 (33.9th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly remediates the specific flaw in IKEv2 packet parsing causing memory leaks and DoS by requiring timely installation of vendor patches.
- prevent, detect: Protects against DoS from crafted IKEv2 packets by monitoring traffic patterns and limiting resources to prevent service disruption.
- prevent: Ensures resource availability by monitoring and restricting memory usage to mitigate exhaustion from repeated exploitation of the IKEv2 memory leak.

Security Summary [AI-generated]

CVE-2026-20012 is a vulnerability in the Internet Key Exchange version 2 (IKEv2) feature affecting Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software. The issue stems from improper parsing of IKEv2 packets, which could allow an unauthenticated, remote attacker to trigger a memory leak and cause a denial-of-service (DoS) condition. It has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-401 (Memory Leak).

An attacker can exploit this vulnerability by sending crafted IKEv2 packets to an affected device. For Cisco IOS Software and IOS XE Software, a successful exploit causes the device to reload, resulting in a DoS condition. For Cisco Secure Firewall ASA Software and FTD Software, it leads to partial exhaustion of system memory, causing instability such as the inability to establish new IKEv2 VPN sessions. Recovery requires a manual reboot of the device.

The Cisco Security Advisory provides details on mitigation and available patches: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows unauthenticated remote attackers to send crafted IKEv2 packets causing memory leaks, device reloads, or resource exhaustion, directly enabling endpoint DoS via application/system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References