CVE-2026-20062
Improper Access Control in Cisco ASA SCP Allows Cross-Context File Access
Publication date: 2026-03-04
Last updated on: 2026-03-04
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_asa_software | From 9.17.1 (inc) to 9.23.0 (inc) |
| cisco | secure_firewall_adaptive_security_appliance | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-279 | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Cisco Secure Firewall Adaptive Security Appliance (ASA) Software running in multiple context mode with the Cisco SSH stack enabled. It arises from improper access controls in the Secure Copy Protocol (SCP) operations within the CLI.
An authenticated local attacker who has administrative privileges in one non-admin context can exploit this flaw by issuing specially crafted SCP copy commands. This allows the attacker to copy files to or from another context, including sensitive configuration files belonging to admin and system contexts.
The attacker cannot list or enumerate files in other contexts and must know the exact file paths, which makes the attack more complex. Also, the vulnerability does not allow the attacker to directly impact the availability of services in other contexts.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with administrative access in one context to read, create, or overwrite sensitive files in other contexts, including critical configuration files.
This could lead to unauthorized disclosure or modification of sensitive information, potentially compromising the security and integrity of the firewall configurations across different contexts.
However, the attacker cannot disrupt the availability of services in other contexts, and must have valid administrative credentials in a non-admin context to exploit this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you need to verify if multiple context mode is enabled and if the Cisco SSH stack is active on your Cisco Secure Firewall ASA device.'}, {'type': 'list_item', 'content': 'Check if multiple context mode is enabled by running the command: show mode'}, {'type': 'list_item', 'content': 'Verify if the Cisco SSH stack is enabled by running the command: show ssh | include stack'}, {'type': 'paragraph', 'content': 'If the output of \'show mode\' shows "multiple" and \'show ssh | include stack\' shows "ciscoSSH stack : ENABLED", your device is potentially vulnerable if it is running an affected ASA Software release.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability. Cisco strongly recommends upgrading to fixed software releases to remediate the issue.
Immediate mitigation steps include:
- Identify if your device is running an affected ASA Software version with multiple context mode and Cisco SSH stack enabled.
- Plan and perform an upgrade to a fixed ASA Software release as provided by Cisco.
- Restrict administrative access to contexts to trusted users to reduce risk until the upgrade is applied.