CVE-2026-20009 — Improper Neutralization of Special Elements in Cisco Secure Firewall Adaptive Security Appliance Software

CWE-138 — Improper Neutralization of Special Elements4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 87.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Firewall Adaptive Security Appliance Software

Timeline

PublishedMar 4

Description

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific user. This vulnerability is due to insufficient validation of user input during the SSH authentication phase. An attacker could exploit this vulnerability by submitting crafted input during SSH authe…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5cisco/cisco_secure_firewall_adaptive_security_appliance_software82 versions+81

🔴Vulnerability Details

CVEList

Cisco Secure Firewall Adaptive Security Appliance SSH Partial Private Key Authentication Bypass Vulnerability↗2026-03-04

▶

GHSA

GHSA-fqfv-4r6p-w7m3: A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Applia↗2026-03-04

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability↗2026-03-04

▶