CVE-2026-20008
Received Received - Intake
Lua Code Injection in Cisco ASA/FTD CLI Allows Root Access

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root. This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20008
EUVD
EUVD-2026-9428
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.12.1 (inc) to 9.16.4.85 (exc)
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.66 (exc)
cisco adaptive_security_appliance_software From 9.19.1 (inc) to 9.20.4 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.4 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.7 (exc)
cisco firepower_threat_defense_software From 6.4.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.11 (exc)
cisco firepower_threat_defense_software From 7.3.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 7.6.4 (exc)
cisco firepower_threat_defense_software From 7.7.0 (inc) to 7.7.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. It arises because certain CLI commands that accept Lua code parameters do not properly sanitize user input.

An authenticated local attacker with valid Administrator credentials can exploit this by crafting and submitting malicious Lua code through these CLI commands. Successful exploitation allows the attacker to inject and execute arbitrary Lua code with root privileges on the underlying operating system.

This leads to a full compromise of the affected device.

Impact Analysis

If exploited, this vulnerability allows an attacker with Administrator credentials to execute arbitrary code as the root user on the device.

This means the attacker can fully compromise the device, potentially gaining complete control over its operations and data.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by using the Cisco Software Checker tool, which helps determine exposure and identify fixed software releases for Cisco Secure Firewall ASA and Secure FTD Software.

There are no specific commands provided in the available resources to detect this vulnerability directly on your system or network.

Mitigation Strategies

There are no available workarounds or mitigations for this vulnerability.

Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.

Before applying updates, ensure compatibility and sufficient device resources by following Cisco’s upgrade guides.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20008. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart