VDB
CVE-2026-20073
CVE-2026-20073
PUBLISHED
CVSS 5.800000190734863 MEDIUM
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks.
EPSS 0.03% · 8.0th percentile
Risk Scores
CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.03%
8.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 6.4.0.1, 6.4.0.2, 6.4.0 |
| Cisco | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 9.17.1, 9.16.4.38, 9.17.1.33 |
Exploit Intelligence
Timeline
- Oct 8, 2025 CVE ID Reserved
- Mar 4, 2026 CVE Published
- Mar 4, 2026 CVE Updated
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 7, 2026 EPSS Score
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score