Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...

Cisco Firepower Threat Defense (FTD) Software IKEv2 DoS Vulnerabilities (cisco-sa-asaftd-ikev2-dos-eBueGdEG)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by multiple vulnerabilities. - A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a...

Cisco Firepower Threat Defense (FTD) Software OSPF DoS Vulnerabilities (cisco-sa-asaftd-ospf-ZH8PhbSW)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices

CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance ASA software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K....

UAT-4356's Targeting of Cisco Firepower Devices

Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices' Firepower eXtensible Operating System FXOS. UAT-4356 exploited n-day vulnerabilities CVE-2025-20333 and CVE-2025-20362 to gain unauthorized access to vulnerable devices, where the threat actor deployed their...

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency CISA issued an update to V1: Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices...

CVE-2026-20112

creationtimestamp| type| source ---|---|--- 2026-03-26 03:00:10+00:00| seen|...

CVE-2026-20104

creationtimestamp| type| source ---|---|--- 2026-03-26 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/cisco-ios-xe-multiple-vulnerabilities20260326 2026-03-26 03:00:10+00:00| seen|...

Exploit for CVE-2026-20131

CVE-2026-20131 — Cisco FMC Insecure Java Deserialization RCE...

CVE-2026-20101

A vulnerability in the SAML 2.0 single sign-on SSO feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checki...

CVE-2026-20025

CVE-2026-20025 affects Cisco Secure Firewall ASA/FTD OSPF processing. An authenticated, adjacent attacker with the OSPF secret key can send crafted OSPF LSU packets to trigger insufficient input validation, potentially corrupting the heap and causing the device to reload for a DoS. The vulnerabil...

CVE-2026-20016

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attack...

EUVD-2026-9426

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

CVE-2026-20063 Cisco Secure FTD Software Authenticated Command Injection Vulnerability

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...

CVE-2026-20018 Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...

CVE-2026-20018 Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...

CVE-2026-20006 Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TLS with Snort 3 Denial of Service Vulnerability

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service DoS condition...

CVE-2026-20006

CVE-2026-20006 concerns Cisco Secure Firewall Threat Defense software. It reports a vulnerability in the TLS cryptography functionality of Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Engine to restart, resulting in a denial of service. The is...

CVE-2026-20014

The CVE concerns Cisco Secure Firewall ASA Software and Cisco Secure FTD Software with an IKEv2 handling flaw. An authenticated remote attacker with valid VPN user credentials can send crafted IKEv2 packets to trigger a DoS by exhausting memory, leading to a device reload and potential impact on ...