Cyber Posture

CVE-2026-20039

High

Published: 04 March 2026
Modified: 16 April 2026
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0008 (24.5th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Security Summary

CVE-2026-20039 is a vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It stems from ineffective memory management, which could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition. The issue has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-244 (Improper Clearing of Heap Memory Before Release).

An unauthenticated, remote attacker can exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. Successful exploitation would cause the device to reload, resulting in a DoS condition that disrupts network traffic processing until the device recovers.

The Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-SpOFF2Re provides details on affected software versions, workarounds, and available patches for mitigation. Security practitioners should review the advisory for fixed releases and apply updates promptly to exposed VPN interfaces.

Details

CWE(s)
CWE-244

Affected Products

Cisco Adaptive Security Appliance Software: 9.12.1 through 9.16.4.84; 9.17.1 through 9.18.4.57; 9.19.1 through 9.20.3.16
Cisco Firepower Threat Defense Software: 6.4.0 through 7.0.9; 7.1.0 through 7.2.10; 7.3.0 through 7.4.3
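A quick way to triage an inventory against the ranges above is a version-range check. The script below is an added example, not part of this record or of Cisco's tooling; it hard-codes the affected ranges exactly as listed on this page and answers only whether a given version falls inside one of them. The `normalize` helper assumes ASA reports versions in the `MAJOR.MINOR(MAINT)INTERIM` form (for example `9.16(4)84`) and maps that to dotted notation; the Cisco advisory remains the authoritative source for fixed releases, which this record does not list.

```python
"""Affected-version triage for CVE-2026-20039 (added example, not page content)."""
import re

# Affected ranges copied from this record's "Affected Products" section.
# Each range is inclusive at both ends. Versions in the gaps between ranges
# are reported as "not in a listed range" only; consult the advisory for them.
AFFECTED = {
    "asa": [("9.12.1", "9.16.4.84"), ("9.17.1", "9.18.4.57"), ("9.19.1", "9.20.3.16")],
    "ftd": [("6.4.0", "7.0.9"), ("7.1.0", "7.2.10"), ("7.3.0", "7.4.3")],
}


def normalize(version: str) -> str:
    """Map the 'show version' form 9.16(4)84 to dotted 9.16.4.84.

    Assumption: ASA prints MAJOR.MINOR(MAINT)INTERIM; dotted input is passed
    through unchanged. Anything else is rejected rather than guessed at.
    """
    v = version.strip()
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)(\d*)", v)
    if m:
        parts = [m.group(1), m.group(2), m.group(3)]
        if m.group(4):
            parts.append(m.group(4))
        return ".".join(parts)
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unrecognised version string: {version!r}")
    return v


def as_tuple(version: str) -> tuple:
    """Numeric tuple so that 9.16.4.84 > 9.16.4.9 (string comparison gets this wrong)."""
    return tuple(int(p) for p in normalize(version).split("."))


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b, padding short tuples with zeros
    so that 9.12.1 and 9.12.1.0 compare equal."""
    ta, tb = as_tuple(a), as_tuple(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def affected_range(product: str, version: str):
    """Return the (low, high) range that contains `version`, or None."""
    for lo, hi in AFFECTED[product]:
        if compare(lo, version) <= 0 and compare(version, hi) <= 0:
            return (lo, hi)
    return None


def check_show_version(product: str, line: str):
    """Pull the version out of a 'show version' banner line and triage it.

    Assumption (labelled): the banner contains 'Version <ver>' as in
    'Cisco Adaptive Security Appliance Software Version 9.16(4)84'.
    """
    m = re.search(r"Version\s+(\S+)", line)
    if not m:
        raise ValueError(f"no version token in: {line!r}")
    return affected_range(product, m.group(1))


if __name__ == "__main__":
    # Constructed sample banner, not captured from a real device.
    sample = "Cisco Adaptive Security Appliance Software Version 9.16(4)84"
    hit = check_show_version("asa", sample)
    print("affected range:" if hit else "not in a listed range", hit or "")
```

Run it against the output of `show version` on each device; a non-None result means the version sits inside one of the ranges this record lists, and the device should be cross-checked against the advisory's fixed releases.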

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

An unauthenticated, remote attacker exploits the public-facing VPN web server with crafted HTTP requests, causing a device reload and a DoS condition through application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References