Memory Corruption Vulnerability in Cisco Secure Firewall Products
CVE-2026-20023

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Firewall Adaptive Security Appliance (asa) Software; Cisco Secure Firewall Threat Defense (ftd) Software
Vendor: CVE Published:; 4 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20023?

A potential memory corruption issue has been identified in the parsing of OSPF protocol packets on Cisco Secure Firewall Adaptive Security Appliance and Threat Defense Software. An attacker with adjacent access may exploit this flaw by sending specifically crafted OSPF packets, potentially leading to memory corruption. This can trigger a reboot of the affected device, thereby causing a denial of service condition. Organizations using these Cisco products should be aware of this vulnerability to ensure proper safeguarding measures are in place.

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.2

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2026
Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20023 Data

JSON