Description
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.

This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious HTTP requests to a device that is running Cisco Secure Firewall ASA Software or Cisco Secure FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting (XSS) attacks. The attacker is not able to directly impact the affected device.
Published: 2026-03-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross-Site Scripting (browser exploitation)
Action: Monitor
AI Analysis

Impact

Improper validation of HTTP requests in the VPN web services component of Cisco Secure Firewall ASA and FTD Software allows an unauthenticated, remote attacker to trick a user into visiting a malicious website that sends crafted HTTP requests to the device. The vulnerable device then reflects the malicious input back to the victim's browser, enabling browser-based attacks such as cross-site scripting. The attacker cannot directly manipulate the device but can hijack the browser session of an authenticated or unauthenticated user. The vulnerability is classified under CWE-444 (HTTP request smuggling).

Affected Systems

This issue affects Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software when the VPN web services endpoints are enabled. No specific version range is listed in the advisory, so all releases with the exposed VPN web services feature are potentially impacted.

Risk and Exploitability

The CVSS score is 4.3, indicating moderate severity, while the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not included in the CISA KEV catalog. Exploitation requires user interaction: the attacker must persuade a user to visit a malicious site that sends crafted requests to the device. The attack is only possible when the affected device's VPN web services endpoints are reachable from the user's browser. Overall risk to the device itself is low, but the risk to end-user browsers is significant for users who navigate to malicious sites designed to trigger the flaw.

Generated by OpenCVE AI on April 16, 2026 at 13:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco ASA or FTD patch that addresses the HTTP request validation issue
  • If the VPN web services feature is not required, disable the associated web services endpoints on the device
  • Restrict inbound traffic to the VPN web services endpoints to trusted IP addresses or networks
  • Configure client browsers to enforce XSS protection mechanisms such as Content-Security-Policy headers

Generated by OpenCVE AI on April 16, 2026 at 13:16 UTC.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Cisco; Cisco Adaptive Security Appliance Software; Cisco Secure Firewall Threat Defense
Vendors & Products | - | Cisco; Cisco Adaptive Security Appliance Software; Cisco Secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | - | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | - | A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious HTTP requests to a device that is running Cisco Secure Firewall ASA Software or Cisco Secure FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting (XSS) attacks. The attacker is not able to directly impact the affected device.
Title | - | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability
Weaknesses | - | CWE-444
References | - | 
Metrics | - | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T20:24:29.280Z

Reserved: 2025-10-08T11:59:15.357Z

Link: CVE-2026-20069

Vulnrichment

Updated: 2026-03-04T20:24:18.452Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:22.717

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20069

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses