OSPF Protocol Vulnerability in Cisco Secure Firewall and FTD Software
CVE-2026-20020

6.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Firewall Adaptive Security Appliance (asa) Software; Cisco Secure Firewall Threat Defense (ftd) Software
Vendor: CVE Published:; 4 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20020?

A vulnerability has been identified in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. This issue arises from insufficient input validation when processing OSPF update packets, which could allow an unauthenticated attacker on the same network segment to execute a denial-of-service (DoS) attack. By sending specially crafted OSPF update packets, an attacker can manipulate the buffer, leading to an unexpected device reload. Although OSPF authentication provides a layer of security, the attacker must possess the secret key for exploitation. This situation highlights the importance of securing OSPF configurations to mitigate potential risks.

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.2

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2026
Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20020 Data

JSON