4
CVE-2026-20056
- EPSS 0.02%
- Veröffentlicht 04.02.2026 16:11:48
- Zuletzt bearbeitet 05.02.2026 14:57:34
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Secure Web Appliance
Default Statusunknown
Version
11.8.0-453
Status
affected
Version
12.5.3-002
Status
affected
Version
12.0.3-007
Status
affected
Version
12.0.3-005
Status
affected
Version
14.1.0-032
Status
affected
Version
14.1.0-047
Status
affected
Version
14.1.0-041
Status
affected
Version
12.0.4-002
Status
affected
Version
14.0.2-012
Status
affected
Version
11.8.0-414
Status
affected
Version
12.0.1-268
Status
affected
Version
11.8.1-023
Status
affected
Version
11.8.3-021
Status
affected
Version
11.8.3-018
Status
affected
Version
12.5.1-011
Status
affected
Version
11.8.4-004
Status
affected
Version
12.5.2-007
Status
affected
Version
12.5.2-011
Status
affected
Version
14.5.0-498
Status
affected
Version
12.5.4-005
Status
affected
Version
12.5.4-011
Status
affected
Version
12.0.5-011
Status
affected
Version
14.0.3-014
Status
affected
Version
12.5.5-004
Status
affected
Version
12.5.5-005
Status
affected
Version
12.5.5-008
Status
affected
Version
14.0.4-005
Status
affected
Version
14.5.1-008
Status
affected
Version
14.5.1-016
Status
affected
Version
15.0.0-355
Status
affected
Version
15.0.0-322
Status
affected
Version
12.5.6-008
Status
affected
Version
15.1.0-287
Status
affected
Version
14.5.2-011
Status
affected
Version
15.2.0-116
Status
affected
Version
14.0.5-007
Status
affected
Version
15.2.0-164
Status
affected
Version
14.5.1-510
Status
affected
Version
12.0.2-012
Status
affected
Version
12.0.2-004
Status
affected
Version
14.5.1-607
Status
affected
Version
14.5.3-033
Status
affected
Version
15.0.1-004
Status
affected
Version
15.2.1-011
Status
affected
Version
14.5.0-673
Status
affected
Version
14.5.0-537
Status
affected
Version
12.0.1-334
Status
affected
Version
14.0.1-503
Status
affected
Version
14.0.1-053
Status
affected
Version
11.8.0-429
Status
affected
Version
14.0.1-040
Status
affected
Version
14.0.1-014
Status
affected
Version
12.5.1-043
Status
affected
Version
15.2.2-009
Status
affected
Version
15.5.0-566
Status
affected
Version
15.2.3-007
Status
affected
Version
15.5.0-574
Status
affected
Version
15.5.0-710
Status
affected
Version
15.2.4-022
Status
affected
Version
15.5.1-002
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.055 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 4 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
|
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.