CVE-2026-20100
Published: 04 March 2026
Summary
CVE-2026-20100 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its exploit-likelihood ranking is at the 27.8th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly addresses the root cause by requiring validation of untrusted user input in the LUA interpreter of the Remote Access SSL VPN feature, preventing crafted HTTP packets from causing a device reload.
- SI-2 (Flaw Remediation): Mandates timely remediation of the specific flaw in the LUA interpreter via patching, as detailed in the Cisco Security Advisory.
- Limits the effects of the DoS condition from unexpected device reloads triggered by authenticated attackers sending crafted packets over VPN.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated remote exploitation of an input validation flaw (unchecked buffer handling) in the VPN service directly causes an application or system crash, leading to DoS via crafted packets.
NVD Description
A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interpreter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Deeper analysis
CVE-2026-20100 is a vulnerability in the LUA interpreter of the Remote Access SSL VPN feature in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. The issue stems from trusting user input without validation, which could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability does not affect the management or MUS interfaces and has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), mapped to CWE-120 (Buffer Copy without Checking Size of Input).
An attacker must already hold a valid VPN connection to the Remote Access SSL VPN server; from that position, sending crafted HTTP packets to the server triggers the flaw. Successful exploitation causes an unexpected device reload, disrupting all services that depend on the affected firewall and creating a DoS condition.
The Cisco Security Advisory provides details on mitigation and patch information at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC.
Details
- CWE(s)