CVE-2026-20100

Received Received - Intake

LUA Injection in Cisco ASA VPN Causes Remote DoS

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interprerter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-04

Last Modified

2026-05-04

Generated

2026-05-07

AI Q&A

2026-03-04

EPSS Evaluated

2026-05-05

NVD

CVE-2026-20100

EUVD

EUVD-2026-9439

Affected Vendors & Products

Vendor	Product	Version / Range
cisco	adaptive_security_appliance_software	9.16.1
cisco	adaptive_security_appliance_software	9.12.2
cisco	adaptive_security_appliance_software	9.12.2.5
cisco	adaptive_security_appliance_software	9.12.4.4
cisco	adaptive_security_appliance_software	9.12.3.2
cisco	adaptive_security_appliance_software	9.12.3.7
cisco	adaptive_security_appliance_software	9.12.4
cisco	adaptive_security_appliance_software	9.12.3.12
cisco	adaptive_security_appliance_software	9.12.4.37
cisco	adaptive_security_appliance_software	9.12.4.38
cisco	adaptive_security_appliance_software	9.12.4.39
cisco	adaptive_security_appliance_software	9.17.1
cisco	adaptive_security_appliance_software	9.12.3
cisco	adaptive_security_appliance_software	9.12.3.9
cisco	adaptive_security_appliance_software	9.12.4.26
cisco	adaptive_security_appliance_software	9.12.4.30
cisco	adaptive_security_appliance_software	9.16.1.28
cisco	adaptive_security_appliance_software	9.17.1.7
cisco	adaptive_security_appliance_software	9.16.3.14
cisco	adaptive_security_appliance_software	9.16.4
cisco	adaptive_security_appliance_software	9.18.2.5
cisco	adaptive_security_appliance_software	9.17.1.10
cisco	adaptive_security_appliance_software	9.17.1.13
cisco	adaptive_security_appliance_software	9.18.1
cisco	adaptive_security_appliance_software	9.18.1.3
cisco	adaptive_security_appliance_software	9.12.1
cisco	adaptive_security_appliance_software	9.12.1.2
cisco	adaptive_security_appliance_software	9.12.1.3
cisco	adaptive_security_appliance_software	9.12.4.10
cisco	adaptive_security_appliance_software	9.12.4.13
cisco	adaptive_security_appliance_software	9.12.4.8
cisco	adaptive_security_appliance_software	9.12.4.18
cisco	adaptive_security_appliance_software	9.16.2.3
cisco	adaptive_security_appliance_software	9.16.2.7
cisco	adaptive_security_appliance_software	9.16.2.11
cisco	adaptive_security_appliance_software	9.16.2.13
cisco	adaptive_security_appliance_software	9.16.2.14
cisco	adaptive_security_appliance_software	9.17.1.11
cisco	adaptive_security_appliance_software	9.17.1.15
cisco	adaptive_security_appliance_software	9.12.4.2
cisco	adaptive_security_appliance_software	9.17.1.9
cisco	adaptive_security_appliance_software	9.12.2.4
cisco	adaptive_security_appliance_software	9.12.2.9
cisco	adaptive_security_appliance_software	9.12.2.1
cisco	adaptive_security_appliance_software	9.12.4.7
cisco	adaptive_security_appliance_software	9.12.4.24
cisco	adaptive_security_appliance_software	9.12.4.29
cisco	adaptive_security_appliance_software	9.12.4.35
cisco	adaptive_security_appliance_software	9.16.2
cisco	adaptive_security_appliance_software	9.16.3.3
cisco	adaptive_security_appliance_software	9.16.3
cisco	adaptive_security_appliance_software	9.18.2
cisco	adaptive_security_appliance_software	9.19.1.9
cisco	adaptive_security_appliance_software	9.19.1.5
cisco	adaptive_security_appliance_software	9.19.1.18
cisco	adaptive_security_appliance_software	9.19.1.12
cisco	adaptive_security_appliance_software	9.19.1
cisco	adaptive_security_appliance_software	9.18.3.55
cisco	adaptive_security_appliance_software	9.18.3.53
cisco	adaptive_security_appliance_software	9.18.3.46
cisco	adaptive_security_appliance_software	9.18.3.39
cisco	adaptive_security_appliance_software	9.18.3
cisco	adaptive_security_appliance_software	9.18.2.8
cisco	adaptive_security_appliance_software	9.18.2.7
cisco	adaptive_security_appliance_software	9.17.1.30
cisco	adaptive_security_appliance_software	9.17.1.20
cisco	adaptive_security_appliance_software	9.16.4.9
cisco	adaptive_security_appliance_software	9.16.4.38
cisco	adaptive_security_appliance_software	9.16.4.27
cisco	adaptive_security_appliance_software	9.16.4.19
cisco	adaptive_security_appliance_software	9.16.4.14
cisco	adaptive_security_appliance_software	9.16.3.23
cisco	adaptive_security_appliance_software	9.16.3.19
cisco	adaptive_security_appliance_software	9.16.3.15
cisco	adaptive_security_appliance_software	9.12.4.58
cisco	adaptive_security_appliance_software	9.12.4.56
cisco	adaptive_security_appliance_software	9.12.4.55
cisco	adaptive_security_appliance_software	9.12.4.54
cisco	adaptive_security_appliance_software	9.12.4.52
cisco	adaptive_security_appliance_software	9.12.4.50
cisco	adaptive_security_appliance_software	9.12.4.48
cisco	adaptive_security_appliance_software	9.12.4.47
cisco	adaptive_security_appliance_software	9.12.4.41
cisco	adaptive_security_appliance_software	9.12.4.40
cisco	adaptive_security_appliance_software	9.12.4.62
cisco	adaptive_security_appliance_software	9.12.4.65
cisco	adaptive_security_appliance_software	9.16.4.39
cisco	adaptive_security_appliance_software	9.16.4.42
cisco	adaptive_security_appliance_software	9.16.4.48
cisco	adaptive_security_appliance_software	9.16.4.55
cisco	adaptive_security_appliance_software	9.17.1.33
cisco	adaptive_security_appliance_software	9.18.3.56
cisco	adaptive_security_appliance_software	9.18.4
cisco	adaptive_security_appliance_software	9.18.4.5
cisco	adaptive_security_appliance_software	9.18.4.8
cisco	adaptive_security_appliance_software	9.19.1.22
cisco	adaptive_security_appliance_software	9.19.1.24
cisco	adaptive_security_appliance_software	9.19.1.27
cisco	adaptive_security_appliance_software	9.20.1
cisco	adaptive_security_appliance_software	9.20.1.5
cisco	adaptive_security_appliance_software	9.20.2
cisco	adaptive_security_appliance_software	9.20.2.21
cisco	adaptive_security_appliance_software	9.20.2.10
cisco	adaptive_security_appliance_software	9.19.1.31
cisco	adaptive_security_appliance_software	9.19.1.28
cisco	adaptive_security_appliance_software	9.18.4.24
cisco	adaptive_security_appliance_software	9.18.4.22
cisco	adaptive_security_appliance_software	9.17.1.39
cisco	adaptive_security_appliance_software	9.16.4.61
cisco	adaptive_security_appliance_software	9.16.4.57
cisco	adaptive_security_appliance_software	9.12.4.67
cisco	adaptive_security_appliance_software	9.20.3
cisco	adaptive_security_appliance_software	9.18.4.40
cisco	adaptive_security_appliance_software	9.16.4.70
cisco	adaptive_security_appliance_software	9.16.4.67
cisco	adaptive_security_appliance_software	9.20.2.22
cisco	adaptive_security_appliance_software	9.18.4.34
cisco	adaptive_security_appliance_software	9.18.4.29
cisco	adaptive_security_appliance_software	9.16.4.62
cisco	adaptive_security_appliance_software	9.20.3.4
cisco	adaptive_security_appliance_software	9.20.3.7
cisco	adaptive_security_appliance_software	9.22.1.1
cisco	adaptive_security_appliance_software	9.23.1
cisco	adaptive_security_appliance_software	9.16.4.71
cisco	adaptive_security_appliance_software	9.16.4.76
cisco	adaptive_security_appliance_software	9.16.4.82
cisco	adaptive_security_appliance_software	9.16.4.84
cisco	adaptive_security_appliance_software	9.17.1.45
cisco	adaptive_security_appliance_software	9.17.1.46
cisco	adaptive_security_appliance_software	9.18.4.47
cisco	adaptive_security_appliance_software	9.18.4.50
cisco	adaptive_security_appliance_software	9.18.4.52
cisco	adaptive_security_appliance_software	9.18.4.53
cisco	adaptive_security_appliance_software	9.18.4.57
cisco	adaptive_security_appliance_software	9.19.1.37
cisco	adaptive_security_appliance_software	9.19.1.38
cisco	adaptive_security_appliance_software	9.19.1.42
cisco	adaptive_security_appliance_software	9.20.3.10
cisco	adaptive_security_appliance_software	9.20.3.13
cisco	adaptive_security_appliance_software	9.20.3.16
cisco	adaptive_security_appliance_software	9.20.3.20
cisco	adaptive_security_appliance_software	9.20.3.9
cisco	adaptive_security_appliance_software	9.22.1.2
cisco	adaptive_security_appliance_software	9.22.1.3
cisco	adaptive_security_appliance_software	9.22.1.6
cisco	adaptive_security_appliance_software	9.22.2
cisco	adaptive_security_appliance_software	9.23.1.3
cisco	firepower_threat_defense	6.4.0
cisco	firepower_threat_defense	7.1.0
cisco	firepower_threat_defense	7.0.0
cisco	firepower_threat_defense	7.2.0.1
cisco	firepower_threat_defense	7.0.1
cisco	firepower_threat_defense	7.0.0.1
cisco	firepower_threat_defense	7.0.1.1
cisco	firepower_threat_defense	7.0.2
cisco	firepower_threat_defense	7.0.2.1
cisco	firepower_threat_defense	7.0.3
cisco	firepower_threat_defense	7.0.4
cisco	firepower_threat_defense	7.1.0.1
cisco	firepower_threat_defense	7.1.0.2
cisco	firepower_threat_defense	7.2.0
cisco	firepower_threat_defense	6.4.0.1
cisco	firepower_threat_defense	6.4.0.3
cisco	firepower_threat_defense	6.4.0.2
cisco	firepower_threat_defense	6.4.0.4
cisco	firepower_threat_defense	6.4.0.5
cisco	firepower_threat_defense	6.4.0.6
cisco	firepower_threat_defense	6.4.0.7
cisco	firepower_threat_defense	6.4.0.8
cisco	firepower_threat_defense	6.4.0.9
cisco	firepower_threat_defense	6.4.0.10
cisco	firepower_threat_defense	6.4.0.11
cisco	firepower_threat_defense	6.4.0.12
cisco	firepower_threat_defense	6.4.0.13
cisco	firepower_threat_defense	6.4.0.14
cisco	firepower_threat_defense	7.2.1
cisco	firepower_threat_defense	7.2.2
cisco	firepower_threat_defense	7.2.3
cisco	firepower_threat_defense	7.3.1.1
cisco	firepower_threat_defense	7.3.1
cisco	firepower_threat_defense	7.3.0
cisco	firepower_threat_defense	7.2.5
cisco	firepower_threat_defense	7.2.4.1
cisco	firepower_threat_defense	7.2.4
cisco	firepower_threat_defense	7.1.0.3
cisco	firepower_threat_defense	7.0.6
cisco	firepower_threat_defense	7.0.5
cisco	firepower_threat_defense	6.4.0.16
cisco	firepower_threat_defense	6.4.0.15
cisco	firepower_threat_defense	6.4.0.17
cisco	firepower_threat_defense	7.0.6.1
cisco	firepower_threat_defense	7.2.5.1
cisco	firepower_threat_defense	7.4.0
cisco	firepower_threat_defense	7.4.1
cisco	firepower_threat_defense	7.4.1.1
cisco	firepower_threat_defense	7.2.5.2
cisco	firepower_threat_defense	7.3.1.2
cisco	firepower_threat_defense	7.2.6
cisco	firepower_threat_defense	7.2.7
cisco	firepower_threat_defense	6.4.0.18
cisco	firepower_threat_defense	7.0.6.2
cisco	firepower_threat_defense	7.2.8
cisco	firepower_threat_defense	7.2.8.1
cisco	firepower_threat_defense	7.4.2
cisco	firepower_threat_defense	7.0.6.3
cisco	firepower_threat_defense	7.4.2.1
cisco	firepower_threat_defense	7.6.0
cisco	firepower_threat_defense	7.7.0
cisco	firepower_threat_defense	7.0.7
cisco	firepower_threat_defense	7.0.8
cisco	firepower_threat_defense	7.0.8.1
cisco	firepower_threat_defense	7.2.10
cisco	firepower_threat_defense	7.2.10.2
cisco	firepower_threat_defense	7.2.9
cisco	firepower_threat_defense	7.4.2.2
cisco	firepower_threat_defense	7.4.2.3
cisco	firepower_threat_defense	7.4.2.4
cisco	firepower_threat_defense	7.6.1
cisco	firepower_threat_defense	7.6.2
cisco	firepower_threat_defense	7.6.2.1
cisco	firepower_threat_defense	7.7.10
cisco	firepower_threat_defense	7.7.10.1

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-120	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability exists in the LUA interpreter of the Remote Access SSL VPN feature in Cisco Secure Firewall ASA and FTD software. It allows an authenticated remote attacker, who has a valid VPN connection, to send specially crafted HTTP packets to the VPN server. Because the LUA interpreter trusts user input without proper validation, the attacker can cause the device to reload unexpectedly.

The unexpected reload results in a denial of service (DoS) condition, disrupting normal device operation. This vulnerability does not affect the management or MUS interfaces.

How can this vulnerability impact me? :

The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker with valid VPN credentials can cause the affected Cisco firewall device to reload unexpectedly, which disrupts network security services and connectivity.

This could lead to temporary loss of firewall protection, interruption of VPN services, and potential downtime for users relying on the device for secure remote access.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

What immediate steps should I take to mitigate this vulnerability?

I don't know

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-20100

LUA Injection in Cisco ASA VPN Causes Remote DoS

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart