CVE-2026-20022

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall ASA Software (affected versions not specified) Cisco Secure FTD Software (affected versions not specified)

Description A flaw exists in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software. An unauthenticated, adjacent attacker can trigger an unexpected reload of the device, leading to a denial-of-service (DoS) condition when OSPF canonicalization debug is enabled using the debug ip ospf canon command. This is caused by inadequate input validation when handling OSPF Link State Update (LSU) packets. An attacker could exploit this by sending specially crafted OSPF packets, potentially allowing them to write to memory outside the allocated packet data, resulting in the device reload and DoS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.