{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T05:19:45.644","vulnerabilities":[{"cve":{"id":"CVE-2026-20008","sourceIdentifier":"psirt@cisco.com","published":"2026-03-04T18:16:14.383","lastModified":"2026-04-16T20:13:21.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root.\r\n\r\nThis vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials."},{"lang":"es","value":"Una vulnerabilidad en un pequeño subconjunto de comandos CLI que se utilizan en el Software Cisco Secure Firewall Adaptive Security Appliance (ASA) y el Software Cisco Secure Firewall Threat Defense (FTD) podría permitir a un atacante autenticado y local crear código Lua que podría utilizarse en el sistema operativo subyacente como root.\n\nEsta vulnerabilidad existe porque la entrada proporcionada por el usuario no se sanea correctamente. Un atacante podría explotar esta vulnerabilidad creando código Lua válido y enviándolo como un parámetro malicioso para un comando CLI. Un exploit exitoso podría permitir al atacante inyectar código Lua, lo que podría conducir a la ejecución de código arbitrario como usuario root. Para explotar esta vulnerabilidad, un atacante debe tener credenciales de Administrador válidas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.12.1","versionEndExcluding":"9.16.4.85","matchCriteriaId":"74292810-417D-42CC-9123-55166145E91D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.17.1","versionEndExcluding":"9.18.4.66","matchCriteriaId":"7EFC1809-7619-43ED-80FD-0FC28C876879"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.19.1","versionEndExcluding":"9.20.4","matchCriteriaId":"4988A136-196A-448B-A416-992803647AB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.22.1.1","versionEndExcluding":"9.22.2.4","matchCriteriaId":"55B05CD4-4849-471F-ACC5-0E0478568A2D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.23.1","versionEndExcluding":"9.23.1.7","matchCriteriaId":"61AA6D92-28AC-41E2-8CD3-F7094A079D65"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.0.9","matchCriteriaId":"A02019B1-284B-4118-A544-9AA56216E741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0","versionEndExcluding":"7.2.11","matchCriteriaId":"3DA98A98-A084-4DB0-B08F-33EB6C8607C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.4.3","matchCriteriaId":"737DB8CE-EC0B-4221-A8BF-3E64702DE092"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"26A29A1A-8013-4CE1-8DE5-4C82778A1D96"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.7.11","matchCriteriaId":"A267F3D1-7449-4622-91AB-F9CA2DDDB61E"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-luainject-VescqgmS","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}