SecuriTricks - CVE-2026-20024

Description

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to heap corruption in OSPF when parsing packets. An attacker could exploit this vulnerability by sending crafted packets to the OSPF service. A successful exploit could allow the attacker to corrupt the heap, causing the affected device to reload, resulting in a DoS condition.

Product(s) Impacted

Vendor	Product	Versions
Cisco	Secure Firewall Asa Software Secure Ftd Software	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	cisco	secure_firewall_asa_software	/	/	/	/	/	/	/	/
a	cisco	secure_ftd_software	/	/	/	/	/	/	/	/

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospf-ZH8PhbSW

CVSS Score

6.8 / 10

CVSS Data - 3.1

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

View Vector String

Timeline

Published: March 4, 2026, 7:16 p.m.
Last Modified: March 5, 2026, 7:39 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-20024