Cyber Resilience

CVE-2026-20100

Severity: High
Published: 04 March 2026
Modified: 04 May 2026
KEV Added: not listed (see Summary)
Patch: see the Cisco Security Advisory linked under "Deeper analysis"
CVSS Score (v3.1): 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0012 (30.1st percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-20100 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 30.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20100 is a vulnerability in the LUA interpreter of the Remote Access SSL VPN feature in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. The issue stems from trusting user input without validation, which could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability does not affect the management or MUS interfaces and has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), mapped to CWE-120 (Buffer Copy without Checking Size of Input).

An attacker must possess a valid VPN connection to the Remote Access SSL VPN server to exploit this vulnerability by sending crafted HTTP packets. Successful exploitation leads to an unexpected device reload, disrupting services and creating a DoS condition on the affected firewall.

The Cisco Security Advisory provides details on mitigation and patch information at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC.

EU & UK References

Vulnerability details

A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interpreter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Authenticated remote exploitation of an input-validation flaw (buffer handling) in the VPN service directly enables an application or system crash, leading to DoS via crafted packets.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20333 (same product: Cisco Adaptive Security Appliance Software)
CVE-2025-20115 (same vendor: Cisco)
CVE-2025-20362 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20105 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20049 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20014 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20101 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20103 (same product: Cisco Adaptive Security Appliance Software)
CVE-2026-20039 (same product: Cisco Adaptive Security Appliance Software)
CVE-2025-20171 (same vendor: Cisco)

Affected Assets

Vendor: cisco
Product: adaptive security appliance software
Versions: 9.12.1, 9.12.1.2, 9.12.1.3, 9.12.2, 9.12.2.1

Vendor: cisco
Product: firepower threat defense
Versions: 6.4.0, 6.4.0.1, 6.4.0.10, 6.4.0.11, 6.4.0.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 (Information Input Validation): prevent

Directly addresses the root cause by requiring validation of untrusted user inputs in the LUA interpreter of the Remote Access SSL VPN feature to prevent crafted HTTP packets from causing a device reload.

SI-2 (Flaw Remediation): prevent

Mandates timely remediation of the specific flaw in the LUA interpreter via patching as detailed in the Cisco Security Advisory.

prevent, detect

Limits the effects of the DoS condition from unexpected device reloads triggered by authenticated attackers sending crafted packets over VPN.

References