Cisco ASA and FTD Software: Malicious Lua Code Injection Possible

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.0

Cisco ASA and FTD Software: Malicious Lua Code Injection Possible

CVE-2026-20008

Summary

An attacker with administrator access can inject malicious code into the underlying system, potentially taking control of the device. This vulnerability affects a small subset of command-line interface commands on Cisco's firewall software. To protect your device, ensure only authorized personnel have administrator access and regularly update your software to the latest version.

Original title

Original description

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root.

This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.

nvd CVSS3.1 6.0

Vulnerability type

CWE-78 OS Command Injection

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026