4.3

Cisco Firewall Software: Unauthenticated Attackers Can Hijack Users' Browsers

CVE-2026-20069
Summary

An unauthenticated attacker can hijack a user's browser session and conduct browser-based attacks, such as cross-site scripting, by tricking the user into visiting a malicious website that passes crafted HTTP requests to the affected device. The device reflects the malicious input back to the user's browser; the attacker cannot directly impact the device itself. This only affects users of Cisco Firewall Software with VPN features enabled. To protect yourself, ensure that VPN features are disabled unless necessary and keep your software up to date with the latest security patches.

Original title
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthen...
Original description
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.

This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious HTTP requests to a device that is running Cisco Secure Firewall ASA Software or Cisco Secure FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting (XSS) attacks. The attacker is not able to directly impact the affected device.
NVD CVSS 3.1 score: 4.3
Vulnerability type
CWE-444
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026