CVE-2026-20008: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Cisco Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root. This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.
CVE-2026-20008: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Cisco Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
Description
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root. This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- cisco
- Date Reserved
- 2025-10-08T11:59:15.349Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a86cded1a09e29cb4f1514
Added to database: 3/4/2026, 5:33:18 PM
Last updated: 3/4/2026, 5:34:14 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-26949: CWE-863: Incorrect Authorization in Dell Device Management Agent (DDMA)
MediumCVE-2026-20131: Deserialization of Untrusted Data in Cisco Cisco Secure Firewall Management Center (FMC)
CriticalCVE-2026-20106: Missing Release of Memory after Effective Lifetime in Cisco Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
MediumCVE-2026-20105: Missing Release of Memory after Effective Lifetime in Cisco Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
HighCVE-2026-20103: Allocation of Resources Without Limits or Throttling in Cisco Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
HighActions
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.