CVE-2026-20050

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management during the inspection of TLS 1.2 encrypted traffic. An attacker could exploit this vulnerability by sending crafted TLS 1.2 encrypted traffic through an affected device. A successful exploit could allow the attacker to cause a reload of an affected device. Note: This vulnerability only affects traffic that is encrypted by TLS 1.2. Other versions of TLS are not affected.

Severity	MEDIUM
CVSS	6.8
CWE	CWE-404
KEV
Published	2 months ago
Modified	1 month ago

Related Products

Product	Advisory
Cisco Secure Firewall Management Center (FMC)	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco RV Series Routers	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Nexus Dashboard	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Firepower Threat Defense Software	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Catalyst PON Series Switches	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco 3000 Series Routers	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall Threat Defense Virtual	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall Threat Defense (FTD) Software	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall 4200 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall 3100 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Secure Firewall 1200 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Firepower 9000 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Firepower 4100 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Firepower 2100 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco Firepower 1000 Series	cisco-sa-ftd-dnd-dos-bpEcg7B7
Cisco 3000 Series Industrial Security Appliances (ISA)	cisco-sa-ftd-dnd-dos-bpEcg7B7