Improper Access Control in Cisco Secure Firewall ASA Software
CVE-2026-20062

7.2HIGH

Key Information:

Vendor

Cisco
Status
Cisco Secure Firewall Adaptive Security Appliance (asa) Software
Vendor
CVE Published:
4 March 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-20062?

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software enables an authenticated local attacker with administrative privileges in one context to exploit improper access controls for Secure Copy Protocol (SCP) operations. This flaw allows the attacker to copy files to or from another context, potentially compromising sensitive configuration files. To successfully execute an attack, the attacker must have valid administrative credentials for a non-admin context and must issue specific SCP copy commands, aware of the exact file path, which limits the attack surface slightly but still poses a significant risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.7

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.9

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.