Description
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. 

This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious website that is designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the VPN web server.
Published: 2026-03-04
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting enabling arbitrary client‑side code execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the VPN web services component of Cisco's Secure Firewall Adaptive Security Appliance and Threat Defense Software. Improper validation of user‑supplied data in HTTP requests allows an unauthenticated, remote attacker to inject arbitrary HTML or script code that executes in the browser of a user accessing the device. The injection occurs when the user follows a malicious link that submits crafted input to the application, and the injected code runs in the context of the VPN web server. Based on the nature of XSS, it is inferred that this capability could be used to hijack user sessions, steal credentials, or launch further attacks against the network.

Affected Systems

Affected products are Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. Version information is not specified, so all current releases may be vulnerable until Cisco issues a patch.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 6.1 (Medium), indicating moderate impact, while the EPSS score of less than 1% suggests a low chance of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, so no public exploitation has been documented. The attack vector is remote and unauthenticated but requires user interaction: a user of the VPN web portal must follow an attacker-supplied link, and the attacker does not need to compromise the device itself. Given the low exploitation probability but the potential for client‑side compromise, monitoring for suspicious links and applying the vendor patch remains critical.

Generated by OpenCVE AI on April 17, 2026 at 13:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Secure Firewall patch that addresses the XSS vulnerability.
  • If a patch is not yet available, restrict access to the VPN web portal to trusted IP ranges or disable the web service entirely to prevent user interaction.
  • Configure user browsers to block or warn against executing scripts from untrusted sources, and consider implementing web‑content filtering to mitigate potential XSS payloads.


Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared   -                Cisco
                                       Cisco adaptive Security Appliance Software
                                       Cisco secure Firewall Threat Defense
Vendors & Products    -                Cisco
                                       Cisco adaptive Security Appliance Software
                                       Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 18:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 18:00:00 +0000

Type          Values Removed   Values Added
Description   -                A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious website that is designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the VPN web server.
Title         -                Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Cross-Site Scripting Vulnerability
Weaknesses    -                CWE-80
References    -                -
Metrics       -                cvssV3_1
                               {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T18:10:28.008Z

Reserved: 2025-10-08T11:59:15.357Z

Link: CVE-2026-20070

Vulnrichment

Updated: 2026-03-04T18:10:19.920Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:23.170

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20070

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses