Cisco Adaptive Security Appliance (ASA) Software VPN DoS Vulnerabilities (cisco-sa-asaftd-vpn-m9sx6MbC)

high Nessus Plugin ID 311445

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco ASA Software is affected by multiple vulnerabilities.

- A vulnerability in the Lua interpreter of the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with valid VPN credentials to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. (CVE-2026-20100)

- A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient error checking in VPN authentication message processing. (CVE-2026-20101)

- A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory, resulting in a denial of service (DoS) condition to new Remote Access SSL VPN connections. This vulnerability is due to insufficient input validation. (CVE-2026-20103)

- A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with valid VPN credentials to exhaust device memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation. (CVE-2026-20105)

- A vulnerability in the Remote Access SSL VPN, HTTP management, and MUS functionalities of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory, resulting in a denial of service (DoS) condition that would require a manual reboot. (CVE-2026-20106)

Please see the included Cisco bug IDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwo49932, CSCwo49934, CSCwo73886, CSCwo73889, and CSCwo73891.

See Also

http://www.nessus.org/u?73afe95c

http://www.nessus.org/u?9bdcf7ff

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo49932

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo49934

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo73886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo73889

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo73891

Plugin Details

Severity: High

ID: 311445

File Name: cisco-sa-asaftd-vpn-m9sx6MbC-asa.nasl

Version: 1.1

Type: Local

Family: CISCO

Published: 5/1/2026

Updated: 5/1/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-20103

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:cisco:adaptive_security_appliance_software

Required KB Items: Host/Cisco/ASA

Patch Publication Date: 3/4/2026

Vulnerability Publication Date: 3/4/2026

Reference Information

CVE: CVE-2026-20100, CVE-2026-20101, CVE-2026-20103, CVE-2026-20105, CVE-2026-20106