Root Privilege Escalation via Lua Injection on Cisco Secure Firewall ASA/FTD
CVE-2026-20008 Published on March 4, 2026
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root.
This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.
Vulnerability Analysis
CVE-2026-20008 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-20008 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2026-20008
Want to know whenever a new CVE is published for Cisco Adaptive Security Appliance? stack.watch will email you.
Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software:- Version 9.12.3 is affected.
- Version 9.12.1 is affected.
- Version 9.12.2 is affected.
- Version 9.12.4 is affected.
- Version 9.12.3.2 is affected.
- Version 9.12.3.7 is affected.
- Version 9.12.2.5 is affected.
- Version 9.12.3.12 is affected.
- Version 9.12.1.3 is affected.
- Version 9.12.2.4 is affected.
- Version 9.12.1.2 is affected.
- Version 9.12.2.9 is affected.
- Version 9.12.3.9 is affected.
- Version 9.12.2.1 is affected.
- Version 9.12.4.2 is affected.
- Version 9.12.4.4 is affected.
- Version 9.12.4.7 is affected.
- Version 9.12.4.8 is affected.
- Version 9.12.4.10 is affected.
- Version 9.12.4.13 is affected.
- Version 9.12.4.18 is affected.
- Version 9.12.4.24 is affected.
- Version 9.16.1 is affected.
- Version 9.12.4.26 is affected.
- Version 9.16.1.28 is affected.
- Version 9.12.4.29 is affected.
- Version 9.16.2 is affected.
- Version 9.12.4.30 is affected.
- Version 9.16.2.3 is affected.
- Version 9.12.4.35 is affected.
- Version 9.16.2.7 is affected.
- Version 9.12.4.37 is affected.
- Version 9.17.1 is affected.
- Version 9.16.2.11 is affected.
- Version 9.16.2.13 is affected.
- Version 9.12.4.39 is affected.
- Version 9.12.4.38 is affected.
- Version 9.16.2.14 is affected.
- Version 9.17.1.7 is affected.
- Version 9.12.4.40 is affected.
- Version 9.16.3.3 is affected.
- Version 9.16.3 is affected.
- Version 9.16.3.14 is affected.
- Version 9.17.1.9 is affected.
- Version 9.12.4.41 is affected.
- Version 9.17.1.10 is affected.
- Version 9.18.1 is affected.
- Version 9.12.4.47 is affected.
- Version 9.16.3.15 is affected.
- Version 9.18.1.3 is affected.
- Version 9.17.1.11 is affected.
- Version 9.12.4.48 is affected.
- Version 9.18.2 is affected.
- Version 9.16.3.19 is affected.
- Version 9.17.1.13 is affected.
- Version 9.12.4.50 is affected.
- Version 9.17.1.15 is affected.
- Version 9.12.4.52 is affected.
- Version 9.16.3.23 is affected.
- Version 9.18.2.5 is affected.
- Version 9.16.4 is affected.
- Version 9.12.4.54 is affected.
- Version 9.17.1.20 is affected.
- Version 9.18.2.7 is affected.
- Version 9.19.1 is affected.
- Version 9.16.4.9 is affected.
- Version 9.12.4.55 is affected.
- Version 9.18.2.8 is affected.
- Version 9.16.4.14 is affected.
- Version 9.18.3 is affected.
- Version 9.19.1.5 is affected.
- Version 9.12.4.56 is affected.
- Version 9.17.1.30 is affected.
- Version 9.19.1.9 is affected.
- Version 9.18.3.39 is affected.
- Version 9.16.4.19 is affected.
- Version 9.12.4.58 is affected.
- Version 9.19.1.12 is affected.
- Version 9.18.3.46 is affected.
- Version 9.16.4.27 is affected.
- Version 9.19.1.18 is affected.
- Version 9.18.3.53 is affected.
- Version 9.18.3.55 is affected.
- Version 9.16.4.38 is affected.
- Version 9.17.1.33 is affected.
- Version 9.12.4.62 is affected.
- Version 9.16.4.39 is affected.
- Version 9.18.3.56 is affected.
- Version 9.20.1 is affected.
- Version 9.16.4.42 is affected.
- Version 9.19.1.22 is affected.
- Version 9.18.4 is affected.
- Version 9.20.1.5 is affected.
- Version 9.18.4.5 is affected.
- Version 9.19.1.24 is affected.
- Version 9.16.4.48 is affected.
- Version 9.18.4.8 is affected.
- Version 9.20.2 is affected.
- Version 9.19.1.27 is affected.
- Version 9.12.4.65 is affected.
- Version 9.16.4.55 is affected.
- Version 9.18.4.22 is affected.
- Version 9.20.2.10 is affected.
- Version 9.16.4.57 is affected.
- Version 9.19.1.28 is affected.
- Version 9.17.1.39 is affected.
- Version 9.12.4.67 is affected.
- Version 9.18.4.24 is affected.
- Version 9.20.2.21 is affected.
- Version 9.16.4.61 is affected.
- Version 9.19.1.31 is affected.
- Version 9.18.4.29 is affected.
- Version 9.20.2.22 is affected.
- Version 9.16.4.62 is affected.
- Version 9.18.4.34 is affected.
- Version 9.20.3 is affected.
- Version 9.16.4.67 is affected.
- Version 9.16.4.70 is affected.
- Version 9.18.4.40 is affected.
- Version 9.23.1 is affected.
- Version 9.22.1.1 is affected.
- Version 9.16.4.71 is affected.
- Version 9.20.3.4 is affected.
- Version 9.18.4.47 is affected.
- Version 9.20.3.7 is affected.
- Version 9.17.1.45 is affected.
- Version 9.19.1.37 is affected.
- Version 9.17.1.46 is affected.
- Version 9.16.4.76 is affected.
- Version 9.20.3.9 is affected.
- Version 9.19.1.38 is affected.
- Version 9.18.4.50 is affected.
- Version 9.22.1.3 is affected.
- Version 9.20.3.10 is affected.
- Version 9.22.1.2 is affected.
- Version 9.18.4.52 is affected.
- Version 9.20.3.13 is affected.
- Version 9.22.1.6 is affected.
- Version 9.18.4.53 is affected.
- Version 9.16.4.82 is affected.
- Version 9.22.2 is affected.
- Version 9.20.3.16 is affected.
- Version 9.19.1.42 is affected.
- Version 9.18.4.57 is affected.
- Version 9.16.4.84 is affected.
- Version 9.23.1.3 is affected.
- Version 9.20.3.20 is affected.
- Version 6.4.0.1 is affected.
- Version 6.4.0.2 is affected.
- Version 6.4.0.5 is affected.
- Version 6.4.0 is affected.
- Version 6.4.0.3 is affected.
- Version 6.4.0.4 is affected.
- Version 6.4.0.6 is affected.
- Version 6.4.0.7 is affected.
- Version 6.4.0.8 is affected.
- Version 6.4.0.9 is affected.
- Version 6.4.0.10 is affected.
- Version 6.4.0.11 is affected.
- Version 6.4.0.12 is affected.
- Version 7.0.0 is affected.
- Version 7.0.0.1 is affected.
- Version 7.0.1 is affected.
- Version 7.1.0 is affected.
- Version 6.4.0.13 is affected.
- Version 7.0.1.1 is affected.
- Version 6.4.0.14 is affected.
- Version 7.1.0.1 is affected.
- Version 7.0.2 is affected.
- Version 6.4.0.15 is affected.
- Version 7.2.0 is affected.
- Version 7.0.2.1 is affected.
- Version 7.0.3 is affected.
- Version 7.1.0.2 is affected.
- Version 7.2.0.1 is affected.
- Version 7.0.4 is affected.
- Version 7.2.1 is affected.
- Version 7.0.5 is affected.
- Version 6.4.0.16 is affected.
- Version 7.3.0 is affected.
- Version 7.2.2 is affected.
- Version 7.2.3 is affected.
- Version 7.3.1 is affected.
- Version 7.1.0.3 is affected.
- Version 7.2.4 is affected.
- Version 7.0.6 is affected.
- Version 7.2.5 is affected.
- Version 7.2.4.1 is affected.
- Version 7.3.1.1 is affected.
- Version 7.4.0 is affected.
- Version 6.4.0.17 is affected.
- Version 7.0.6.1 is affected.
- Version 7.2.5.1 is affected.
- Version 7.4.1 is affected.
- Version 7.2.6 is affected.
- Version 7.0.6.2 is affected.
- Version 7.4.1.1 is affected.
- Version 6.4.0.18 is affected.
- Version 7.2.7 is affected.
- Version 7.2.5.2 is affected.
- Version 7.3.1.2 is affected.
- Version 7.2.8 is affected.
- Version 7.6.0 is affected.
- Version 7.4.2 is affected.
- Version 7.2.8.1 is affected.
- Version 7.0.6.3 is affected.
- Version 7.4.2.1 is affected.
- Version 7.2.9 is affected.
- Version 7.0.7 is affected.
- Version 7.7.0 is affected.
- Version 7.4.2.2 is affected.
- Version 7.2.10 is affected.
- Version 7.6.1 is affected.
- Version 7.4.2.3 is affected.
- Version 7.0.8 is affected.
- Version 7.6.2 is affected.
- Version 7.7.10 is affected.
- Version 7.0.8.1 is affected.
- Version 7.6.2.1 is affected.
- Version 7.7.10.1 is affected.
- Version 7.4.2.4 is affected.
- Version 7.2.10.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.