Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software OSPF Protocol Vulnerabilities

CVSS 6.8 | Cisco advisory cisco-sa-asaftd-ospf-ZH8PhbSW | Mar 4, 2026
Vendor: Cisco. Sectors: Energy, Manufacturing.
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in the OSPF feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software allow an adjacent attacker to crash the device by sending malformed OSPF protocol packets. The affected software includes ASA 5500-X Series, Firepower 1000/2100/4100/9000 Series, Secure Firewall 1200/3100/4200 Series, ISA 3000 Series, and ASAv. The device reloads unexpectedly, causing a denial of service. Cisco has released software updates; there are no workarounds available.

What this means
What could happen
An attacker on the same network segment could send specially crafted OSPF routing protocol packets that crash your Cisco firewall, causing it to restart and interrupting all traffic flowing through it, including critical control and data traffic to your operational equipment.
Who's at risk
This affects organizations running Cisco Secure Firewall appliances (ASA, FTD, or Secure Firewall models) with OSPF routing enabled, particularly in energy and manufacturing sectors. The ISA 3000 Series is specifically relevant if deployed in industrial networks. Any organization using these firewalls as perimeter security or for routing control traffic should review their OSPF configuration.
How it could be exploited
An attacker with access to the same local network (adjacent network) sends malicious OSPF protocol packets to the firewall. The firewall's OSPF processing code fails to properly validate the packets, causing the process to crash and the device to reload. No authentication is required because OSPF operates at the routing protocol level.
Prerequisites
  • Adjacent network access (same Layer 2 or routed network segment)
  • OSPF routing protocol enabled on the firewall
  • No prior authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects firewall availability, impacts network perimeter security
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (11), 11 with fix

Product | Affected Versions | Fix Status
Firepower 2100 Series | All versions | Fix available
ASA 5500-X Series Firewalls | All versions | Fix available
3000 Series Industrial Security Appliances (ISA) | All versions | Fix available
Firepower 9000 Series | All versions | Fix available
Firepower 4100 Series | All versions | Fix available
Adaptive Security Virtual Appliance (ASAv) | All versions | Fix available
Firepower 1000 Series | All versions | Fix available
Secure Firewall 3100 Series | All versions | Fix available
Remediation & Mitigation

Do now

Workaround (3000 Series Industrial Security Appliances (ISA)): If OSPF is not required for your network operations, disable the OSPF feature on affected firewalls.

Hardening (all products): Restrict network access to the firewall's OSPF ports (typically UDP 89) to only trusted routing devices using network access control lists.

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update Cisco ASA, FTD, or Secure Firewall software to the latest patched version released in March 2026 or later.
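To support the "review their OSPF configuration" step and the workaround above, here is an added audit script (example code, not Cisco's or OTPulse's) that reads a `show running-config` export and lists which interfaces participate in OSPF, and so from which segments the OSPF process is reachable; the configuration text is constructed for illustration.

```python
# Added example (not Cisco's or OTPulse's code): audit an ASA running-config for
# OSPF exposure using only the keywords interface, nameif, ip address, router ospf, network.
import ipaddress
import re
# Constructed sample config, not from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 10.10.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif ot-cell
 ip address 192.168.50.1 255.255.255.0
!
router ospf 1
 network 10.10.0.0 255.255.255.0 area 0
 network 192.168.50.0 255.255.255.0 area 10
"""

def parse_interfaces(config):
    """Return {nameif: IPv4Interface} for every addressed interface."""
    ifaces, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # a new interface block starts
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif name and (m := re.match(r"\s+ip address (\S+) (\S+)", line)):
            ifaces[name] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
    return ifaces

def parse_ospf_networks(config):
    """Return [(IPv4Network, area)] from the `router ospf` block(s)."""
    nets, in_ospf = [], False
    for line in config.splitlines():
        if line.startswith("router ospf "):
            in_ospf = True
        elif line and not line[0].isspace():
            in_ospf = False  # any other top-level line ends the block
        elif in_ospf and (m := re.match(r"\s+network (\S+) (\S+) area (\S+)", line)):
            nets.append((ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}"), m.group(3)))
    return nets

def ospf_exposure(config):
    """Map each interface inside an OSPF network statement to its area."""
    nets = parse_ospf_networks(config)
    return {name: area for name, iface in parse_interfaces(config).items()
            for net, area in nets if iface.ip in net}
```

Interfaces that appear in the result are the segments where an adjacent sender can reach the OSPF process; an empty result on a device that does not need OSPF means the workaround is already in effect.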