CVE-2026-20050

EUVD-2026-9457

04.03.2026, 18:16

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper memory management during the inspection of TLS 1.2 encrypted traffic. An attacker could exploit this vulnerability by sending crafted TLS 1.2 encrypted traffic through an affected device. A successful exploit could allow the attacker to cause a reload of an affected device.
Note: This vulnerability only affects traffic that is encrypted by TLS 1.2. Other versions of TLS are not affected.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
cisco	firepower_threat_defense_software	7.1.0 ≤ 𝑥 < 7.2.11
cisco	firepower_threat_defense_software	7.3.0 ≤ 𝑥 < 7.4.4
cisco	firepower_threat_defense_software	7.6.0 ≤ 𝑥 < 7.6.4
cisco	firepower_threat_defense_software	7.7.0 ≤ 𝑥 < 7.7.11

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dnd-dos-bpEcg7B7