CVE-2026-20006 (GCVE-0-2026-20006)

Vulnerability from cvelistv5 – Published: 2026-03-04 17:37 – Updated: 2026-03-04 20:51
VLAI
Title
Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TLS with Snort 3 Denial of Service Vulnerability
Summary
A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.  Note: TLS 1.3 is not affected by this vulnerability.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Firewall Threat Defense (FTD) Software Affected: 7.2.0
Affected: 7.2.0.1
Affected: 7.2.1
Affected: 7.3.0
Affected: 7.2.2
Affected: 7.2.3
Affected: 7.3.1
Affected: 7.2.4
Affected: 7.2.5
Affected: 7.2.4.1
Affected: 7.3.1.1
Affected: 7.4.0
Affected: 7.2.5.1
Affected: 7.4.1
Affected: 7.2.6
Affected: 7.4.1.1
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.3.1.2
Affected: 7.2.8
Affected: 7.6.0
Affected: 7.4.2
Affected: 7.2.8.1
Affected: 7.4.2.1
Affected: 7.2.9
Affected: 7.4.2.2
Affected: 7.2.10
Affected: 7.6.1
Affected: 7.4.2.3
Affected: 7.6.2
Affected: 7.6.2.1
Affected: 7.4.2.4
Affected: 7.2.10.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T20:51:52.748707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T20:51:58.937Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Firewall Threat Defense (FTD) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            },
            {
              "status": "affected",
              "version": "7.4.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.10"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.\u0026nbsp;\r\nNote: TLS 1.3 is not affected by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-388",
              "description": "Error Handling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T17:37:54.866Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ftd-tcp-dos-rHfqnwRg",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRg"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-tcp-dos-rHfqnwRg",
        "defects": [
          "CSCwn73801"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TLS with Snort 3 Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20006",
    "datePublished": "2026-03-04T17:37:54.866Z",
    "dateReserved": "2025-10-08T11:59:15.349Z",
    "dateUpdated": "2026-03-04T20:51:58.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-20006",
      "date": "2026-07-04",
      "epss": "0.00373",
      "percentile": "0.29305"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-20006\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-03-04T18:16:13.803\",\"lastModified\":\"2026-06-17T10:16:52.017\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.\\r\\n\\r\\nThis vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.\u0026nbsp;\\r\\nNote: TLS 1.3 is not affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funcionalidad de criptograf\u00eda TLS del motor de detecci\u00f3n Snort 3 del software Cisco Secure Firewall Threat Defense (FTD) podr\u00eda permitir a un atacante remoto no autenticado provocar que el motor de detecci\u00f3n Snort 3 se reinicie inesperadamente, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\\n\\nEsta vulnerabilidad se debe a una implementaci\u00f3n incorrecta del protocolo TLS. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete TLS manipulado a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante provocar que un dispositivo que ejecuta el software Cisco Secure FTD descarte el tr\u00e1fico de red, lo que resultar\u00eda en una condici\u00f3n de DoS.\\nNota: TLS 1.3 no se ve afectado por esta vulnerabilidad.\"}],\"affected\":[{\"source\":\"psirt@cisco.com\",\"affectedData\":[{\"vendor\":\"Cisco\",\"product\":\"Cisco Secure Firewall Threat Defense (FTD) Software\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"7.2.0\",\"status\":\"affected\"},{\"version\":\"7.2.0.1\",\"status\":\"affected\"},{\"version\":\"7.2.1\",\"status\":\"affected\"},{\"version\":\"7.3.0\",\"status\":\"affected\"},{\"version\":\"7.2.2\",\"status\":\"affected\"},{\"version\":\"7.2.3\",\"status\":\"affected\"},{\"version\":\"7.3.1\",\"status\":\"affected\"},{\"version\":\"7.2.4\",\"status\":\"affected\"},{\"version\":\"7.2.5\",\"status\":\"affected\"},{\"version\":\"7.2.4.1\",\"status\":\"affected\"},{\"version\":\"7.3.1.1\",\"status\":\"affected\"},{\"version\":\"7.4.0\",\"status\":\"affected\"},{\"version\":\"7.2.5.1\",\"status\":\"affected\"},{\"version\":\"7.4.1\",\"status\":\"affected\"},{\"version\":\"7.2.6\",\"status\":\"affected\"},{\"version\":\"7.4.1.1\",\"status\":\"affected\"},{\"version\":\"7.2.7\",\"status\":\"affected\"},{\"version\":\"7.2.5.2\",\"status\":\"affected\"},{\"version\":\"7.3.1.2\",\"status\":\"affected\"},{\"version\":\"7.2.8\",\"status\":\"affected\"},{\"version\":\"7.6.0\",\"status\":\"affected\"},{\"version\":\"7.4.2\",\"status\":\"affected\"},{\"version\":\"7.2.8.1\",\"status\":\"affected\"},{\"version\":\"7.4.2.1\",\"status\":\"affected\"},{\"version\":\"7.2.9\",\"status\":\"affected\"},{\"version\":\"7.4.2.2\",\"status\":\"affected\"},{\"version\":\"7.2.10\",\"status\":\"affected\"},{\"version\":\"7.6.1\",\"status\":\"affected\"},{\"version\":\"7.4.2.3\",\"status\":\"affected\"},{\"version\":\"7.6.2\",\"status\":\"affected\"},{\"version\":\"7.6.2.1\",\"status\":\"affected\"},{\"version\":\"7.4.2.4\",\"status\":\"affected\"},{\"version\":\"7.2.10.2\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-04T20:51:52.748707Z\",\"id\":\"CVE-2026-20006\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-388\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRg\",\"source\":\"psirt@cisco.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20006\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T20:51:52.748707Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T20:51:55.949Z\"}}], \"cna\": {\"title\": \"Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TLS with Snort 3 Denial of Service Vulnerability\", \"source\": {\"defects\": [\"CSCwn73801\"], \"advisory\": \"cisco-sa-ftd-tcp-dos-rHfqnwRg\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Secure Firewall Threat Defense (FTD) Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\"}, {\"status\": \"affected\", \"version\": \"7.2.0.1\"}, {\"status\": \"affected\", \"version\": \"7.2.1\"}, {\"status\": \"affected\", \"version\": \"7.3.0\"}, {\"status\": \"affected\", \"version\": \"7.2.2\"}, {\"status\": \"affected\", \"version\": \"7.2.3\"}, {\"status\": \"affected\", \"version\": \"7.3.1\"}, {\"status\": \"affected\", \"version\": \"7.2.4\"}, {\"status\": \"affected\", \"version\": \"7.2.5\"}, {\"status\": \"affected\", \"version\": \"7.2.4.1\"}, {\"status\": \"affected\", \"version\": \"7.3.1.1\"}, {\"status\": \"affected\", \"version\": \"7.4.0\"}, {\"status\": \"affected\", \"version\": \"7.2.5.1\"}, {\"status\": \"affected\", \"version\": \"7.4.1\"}, {\"status\": \"affected\", \"version\": \"7.2.6\"}, {\"status\": \"affected\", \"version\": \"7.4.1.1\"}, {\"status\": \"affected\", \"version\": \"7.2.7\"}, {\"status\": \"affected\", \"version\": \"7.2.5.2\"}, {\"status\": \"affected\", \"version\": \"7.3.1.2\"}, {\"status\": \"affected\", \"version\": \"7.2.8\"}, {\"status\": \"affected\", \"version\": \"7.6.0\"}, {\"status\": \"affected\", \"version\": \"7.4.2\"}, {\"status\": \"affected\", \"version\": \"7.2.8.1\"}, {\"status\": \"affected\", \"version\": \"7.4.2.1\"}, {\"status\": \"affected\", \"version\": \"7.2.9\"}, {\"status\": \"affected\", \"version\": \"7.4.2.2\"}, {\"status\": \"affected\", \"version\": \"7.2.10\"}, {\"status\": \"affected\", \"version\": \"7.6.1\"}, {\"status\": \"affected\", \"version\": \"7.4.2.3\"}, {\"status\": \"affected\", \"version\": \"7.6.2\"}, {\"status\": \"affected\", \"version\": \"7.6.2.1\"}, {\"status\": \"affected\", \"version\": \"7.4.2.4\"}, {\"status\": \"affected\", \"version\": \"7.2.10.2\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-rHfqnwRg\", \"name\": \"cisco-sa-ftd-tcp-dos-rHfqnwRg\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.\\r\\n\\r\\nThis vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.\u0026nbsp;\\r\\nNote: TLS 1.3 is not affected by this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-388\", \"description\": \"Error Handling\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-03-04T17:37:54.866Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-20006\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T20:51:58.937Z\", \"dateReserved\": \"2025-10-08T11:59:15.349Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-03-04T17:37:54.866Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…