8.6
CVE-2026-20101
- EPSS 0.16%
- Published 04.03.2026 17:19:22
- Last modified 16.04.2026 20:28:29
- Source psirt@cisco.com
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Adaptive Security Appliance Software Version >= 9.12.1 < 9.16.4.85
Cisco ≫ Adaptive Security Appliance Software Version >= 9.17.1 < 9.18.4.66
Cisco ≫ Adaptive Security Appliance Software Version >= 9.19.1 < 9.20.4
Cisco ≫ Adaptive Security Appliance Software Version >= 9.22.1.1 < 9.22.2.4
Cisco ≫ Adaptive Security Appliance Software Version >= 9.23.1 < 9.23.1.7
Cisco ≫ Firepower Threat Defense Software Version >= 6.4.0 < 7.0.9
Cisco ≫ Firepower Threat Defense Software Version >= 7.1.0 < 7.2.11
Cisco ≫ Firepower Threat Defense Software Version >= 7.3.0 < 7.4.3
Cisco ≫ Firepower Threat Defense Software Version >= 7.6.0 < 7.6.4
Cisco ≫ Firepower Threat Defense Software Version >= 7.7.0 < 7.7.11
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.36 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.