Description
A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces.

This vulnerability is due to trusting user input without validation in the LUA interpreter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Published: 2026-03-04
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply patch
AI Analysis

Impact

The vulnerability is in the Lua interpreter used by the Remote Access SSL VPN of Cisco Secure Firewall ASA and FTD. An authenticated remote attacker who has established a VPN connection can send specially crafted HTTP packets. The interpreter trusts user input without validation, which can cause the device to reload unexpectedly and result in a denial‑of‑service condition. This disruption affects firewall operation but does not impact the management or MUS interfaces.

Affected Systems

Affected systems include Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. No specific versions are listed in the advisory; administrators should verify that their deployed firmware is not vulnerable by consulting Cisco’s security portal. The flaw applies to any deployment of the Remote Access SSL VPN feature that is reachable by an attacker who can authenticate to the VPN.

Risk and Exploitability

Risk assessment: The CVSS score of 7.7 classifies this as a high‑severity vulnerability. The EPSS score of less than 1% indicates a low probability of active exploitation, and it is not listed in the CISA KEV catalog. The vulnerability requires authenticated VPN access, limiting the threat surface to users with valid VPN credentials, typically a smaller set of trusted individuals or devices.

Generated by OpenCVE AI on April 18, 2026 at 19:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Cisco ASA or FTD firmware to the latest version that contains the fix for this vulnerability, which addresses the CWE‑120 issue in the Lua interpreter.
  • If an immediate firmware upgrade is not feasible, restrict VPN access to a minimal set of trusted IP addresses and monitor for anomalous reload events.
  • Disable or remove the Remote Access SSL VPN service if it is not required for operational needs.
  • As a temporary measure, enforce strict input validation or filter inbound HTTP traffic destined for the SSL VPN service to drop oversized or malformed payloads that could trigger the Lua interpreter issue (CWE‑120).



Advisories

No advisories yet.

History

Sat, 18 Apr 2026 20:00:00 +0000

Type: Title
Values Removed: none
Values Added: Remote Access SSL VPN Vulnerability Causes Device Reload DoS via Unvalidated Lua Input

Thu, 05 Mar 2026 16:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 09:15:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Cisco; Cisco adaptive Security Appliance Software; Cisco secure Firewall Threat Defense

Type: Vendors & Products
Values Removed: none
Values Added: Cisco; Cisco adaptive Security Appliance Software; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 17:30:00 +0000

Type: Description
Values Removed: none
Values Added: A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interpreter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Type: Weaknesses
Values Removed: none
Values Added: CWE-120

Type: References
Values Removed: none
Values Added: none

Type: Metrics
Values Removed: none
Values Added: cvssV3_1
{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

Cisco Adaptive Security Appliance Software
Secure Firewall Threat Defense

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-05T15:34:29.852Z

Reserved: 2025-10-08T11:59:15.370Z

Link: CVE-2026-20100

Vulnrichment

Updated: 2026-03-05T15:34:25.709Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:24.653

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20100

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T19:45:08Z

Weaknesses