PT-2026-22970 · Cisco · Cisco Secure Firewall Asa
T.Ve
Published: 2026-03-04 · Updated: 2026-03-04
CVE-2026-20009
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (affected versions not specified)
Description
A flaw exists in the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall ASA Software. This issue could allow a remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific user without the user's private SSH key. The vulnerability stems from inadequate validation of user input during the SSH authentication process. An attacker can exploit this by providing crafted input during SSH authentication. To successfully exploit this, the attacker must have a valid username and the corresponding public key. Exploitation does not grant root access. The AAA configuration command auto-enable is not impacted.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Secure Firewall Asa