Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

Plan Patch | CVSS 8.6 | cisco-sa-asaftd-vpn-m9sx6MbC | Mar 4, 2026
Cisco | Energy | Manufacturing
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in the Remote Access SSL VPN functionality of Cisco Secure Firewall ASA and Secure Firewall Threat Defense (FTD) Software allow a remote attacker to cause an affected device to stop responding or reload unexpectedly, resulting in a denial of service (DoS) condition. The firewall may require manual reboot to restore service. Cisco has released software updates that address these vulnerabilities. No workarounds are available.

What this means
What could happen
An attacker could remotely cause your Cisco firewall to stop responding or reload without warning, interrupting VPN access for remote workers and potentially disabling your network perimeter protection until manual recovery occurs.
Who's at risk
Energy and manufacturing facilities using Cisco Secure Firewall for network perimeter defense and remote access, including ASA 5500-X, Firepower 2100/4100/9000 Series, 3000 Series Industrial Security Appliances (ISA), and virtual appliances (ASAv, FTD Virtual).
How it could be exploited
An attacker can send specially crafted traffic to the SSL VPN interface of your Cisco Secure Firewall (ASA or FTD) over the network. The firewall processes this malformed VPN traffic and crashes or reloads, triggering a denial of service condition.
Prerequisites
  • Network reachability to the SSL VPN service port on the affected firewall (typically port 443)
  • The SSL VPN feature must be enabled on the firewall
Risk factors: remotely exploitable; no authentication required; low complexity; affects network perimeter security; high CVSS score (8.6); no workarounds available
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (11)
11 with fix
Product | Affected Versions | Fix Status
Firepower 2100 Series | All versions | Fix available
ASA 5500-X Series Firewalls | All versions | Fix available
3000 Series Industrial Security Appliances (ISA) | All versions | Fix available
Firepower 9000 Series | All versions | Fix available
Firepower 4100 Series | All versions | Fix available
Adaptive Security Virtual Appliance (ASAv) | All versions | Fix available
Firepower 1000 Series | All versions | Fix available
Secure Firewall 3100 Series | All versions | Fix available
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply Cisco software updates to your affected Secure Firewall ASA or Threat Defense (FTD) devices according to the official Cisco advisory
HOTFIX: Prioritize patching firewalls that have SSL VPN enabled and are directly exposed to untrusted networks
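
One way to build that patch order from exported configurations, as an added example that is not part of the advisory or Cisco's tooling: it reads ASA-style running-config text, finds interfaces with `enable <nameif>` under `webvpn`, and ranks each device. The hostnames and sample configs are constructed, and treating security-level 0 as "untrusted-facing" is an assumption to adjust for your site.

```python
import re

# Constructed sample running-configs; hostnames and interfaces are made up.
SAMPLE_CONFIGS = {
    "fw-edge-01": "interface GigabitEthernet0/0\n nameif outside\n security-level 0\n!\n"
                  "webvpn\n enable outside\n anyconnect enable\n",
    "fw-plant-02": "interface GigabitEthernet0/1\n nameif inside\n security-level 100\n!\n"
                   "webvpn\n enable inside\n",
    "fw-cell-03": "interface GigabitEthernet0/0\n nameif outside\n security-level 0\n!\n"
                  "webvpn\n anyconnect enable\n",
}

def parse_sections(config):
    """Group indented sub-commands under their top-level command line."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def sslvpn_interfaces(config):
    """Return {nameif: security-level} for interfaces enabled under webvpn."""
    levels, enabled = {}, []
    for header, body in parse_sections(config):
        if header.startswith("interface "):
            name = next((c.split()[1] for c in body if c.startswith("nameif ")), None)
            level = next((int(c.split()[1]) for c in body
                          if c.startswith("security-level ")), None)
            if name:
                levels[name] = level
        elif header == "webvpn":
            enabled += [m.group(1) for c in body if (m := re.match(r"enable (\S+)", c))]
    return {name: levels.get(name) for name in enabled}

def triage(configs):
    """Rank 1 = SSL VPN on an untrusted-facing interface, 2 = enabled elsewhere, 3 = not enabled."""
    ranked = []
    for host, config in configs.items():
        ifaces = sslvpn_interfaces(config)
        # Assumption: security-level 0 (or an unknown level) means untrusted-facing.
        if any(level in (0, None) for level in ifaces.values()):
            rank = 1
        else:
            rank = 2 if ifaces else 3
        ranked.append((rank, host, sorted(ifaces)))
    return sorted(ranked)

if __name__ == "__main__":
    for rank, host, ifaces in triage(SAMPLE_CONFIGS):
        print(rank, host, ifaces)
```

The rank only orders the maintenance windows; it does not decide which devices receive the update.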