Auth Bypass CLI ASA SCP Context File Copy
CVE-2026-20062 Published on March 4, 2026
A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context. Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.
Vulnerability Analysis
CVE-2026-20062 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Incorrect Execution-Assigned Permissions
While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
Products Associated with CVE-2026-20062
Want to know whenever a new CVE is published for Cisco Adaptive Security Appliance? stack.watch will email you.
Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software:- Version 9.17.1 is affected.
- Version 9.17.1.7 is affected.
- Version 9.17.1.9 is affected.
- Version 9.17.1.10 is affected.
- Version 9.17.1.11 is affected.
- Version 9.17.1.13 is affected.
- Version 9.17.1.15 is affected.
- Version 9.17.1.20 is affected.
- Version 9.17.1.30 is affected.
- Version 9.17.1.33 is affected.
- Version 9.17.1.39 is affected.
- Version 9.17.1.45 is affected.
- Version 9.17.1.46 is affected.
- Version 9.18.1 is affected.
- Version 9.18.1.3 is affected.
- Version 9.18.2 is affected.
- Version 9.18.2.5 is affected.
- Version 9.18.2.7 is affected.
- Version 9.18.2.8 is affected.
- Version 9.18.3 is affected.
- Version 9.18.3.39 is affected.
- Version 9.18.3.46 is affected.
- Version 9.18.3.53 is affected.
- Version 9.18.3.55 is affected.
- Version 9.18.3.56 is affected.
- Version 9.18.4 is affected.
- Version 9.18.4.5 is affected.
- Version 9.18.4.8 is affected.
- Version 9.18.4.22 is affected.
- Version 9.18.4.24 is affected.
- Version 9.18.4.29 is affected.
- Version 9.18.4.34 is affected.
- Version 9.18.4.40 is affected.
- Version 9.18.4.47 is affected.
- Version 9.18.4.50 is affected.
- Version 9.18.4.52 is affected.
- Version 9.18.4.53 is affected.
- Version 9.18.4.57 is affected.
- Version 9.19.1 is affected.
- Version 9.19.1.5 is affected.
- Version 9.19.1.9 is affected.
- Version 9.19.1.12 is affected.
- Version 9.19.1.18 is affected.
- Version 9.19.1.22 is affected.
- Version 9.19.1.24 is affected.
- Version 9.19.1.27 is affected.
- Version 9.19.1.28 is affected.
- Version 9.19.1.31 is affected.
- Version 9.19.1.37 is affected.
- Version 9.19.1.38 is affected.
- Version 9.19.1.42 is affected.
- Version 9.20.1 is affected.
- Version 9.20.1.5 is affected.
- Version 9.20.2 is affected.
- Version 9.20.2.10 is affected.
- Version 9.20.2.21 is affected.
- Version 9.20.2.22 is affected.
- Version 9.20.3 is affected.
- Version 9.20.3.4 is affected.
- Version 9.20.3.7 is affected.
- Version 9.20.3.9 is affected.
- Version 9.20.3.10 is affected.
- Version 9.20.3.13 is affected.
- Version 9.20.3.16 is affected.
- Version 9.20.3.20 is affected.
- Version 9.22.1.1 is affected.
- Version 9.22.1.3 is affected.
- Version 9.22.1.2 is affected.
- Version 9.22.1.6 is affected.
- Version 9.22.2 is affected.
- Version 9.22.2.4 is affected.
- Version 9.23.1 is affected.
- Version 9.23.1.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.