FKIE_CVE-2026-20102
Vulnerability from fkie_nvd - Published: 2026-03-04 18:16 - Updated: 2026-06-17 10:17
Severity
Summary
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.
This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.16.1"
},
{
"status": "affected",
"version": "9.16.1.28"
},
{
"status": "affected",
"version": "9.16.2"
},
{
"status": "affected",
"version": "9.16.2.3"
},
{
"status": "affected",
"version": "9.16.2.7"
},
{
"status": "affected",
"version": "9.17.1"
},
{
"status": "affected",
"version": "9.16.2.11"
},
{
"status": "affected",
"version": "9.16.2.13"
},
{
"status": "affected",
"version": "9.16.2.14"
},
{
"status": "affected",
"version": "9.17.1.7"
},
{
"status": "affected",
"version": "9.17.1.9"
},
{
"status": "affected",
"version": "9.17.1.10"
},
{
"status": "affected",
"version": "9.17.1.11"
},
{
"status": "affected",
"version": "9.17.1.13"
},
{
"status": "affected",
"version": "9.17.1.15"
},
{
"status": "affected",
"version": "9.17.1.20"
},
{
"status": "affected",
"version": "9.17.1.30"
},
{
"status": "affected",
"version": "9.17.1.33"
},
{
"status": "affected",
"version": "9.17.1.39"
},
{
"status": "affected",
"version": "9.17.1.45"
},
{
"status": "affected",
"version": "9.17.1.46"
},
{
"status": "affected",
"version": "9.23.1.13"
},
{
"status": "affected",
"version": "9.20.4.7"
},
{
"status": "affected",
"version": "9.22.2.13"
},
{
"status": "affected",
"version": "9.18.4.66"
},
{
"status": "affected",
"version": "9.20.4.10"
},
{
"status": "affected",
"version": "9.23.1.19"
},
{
"status": "affected",
"version": "9.18.4.67"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Secure Firewall Threat Defense (FTD) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
}
]
}
],
"source": "psirt@cisco.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607EC994-8748-4BD6-9FBA-9C629EEFE20E",
"versionEndExcluding": "9.16.4.89",
"versionStartIncluding": "9.16.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F5D95D-6E80-42D2-BF57-8B3B600D6B40",
"versionEndExcluding": "9.18.4.71",
"versionStartIncluding": "9.17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBAD7362-E8E2-4618-89CA-50E9B0102651",
"versionEndExcluding": "9.20.4.19",
"versionStartIncluding": "9.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "279FE4E6-C208-48E2-9B07-DCB121C59A08",
"versionEndExcluding": "9.22.2.32",
"versionStartIncluding": "9.22.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67082150-477F-4B2E-B880-069D05875DC3",
"versionEndExcluding": "9.23.1.26",
"versionStartIncluding": "9.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14522326-0EF6-455A-8C84-C84E8C6B3F29",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA98A98-A084-4DB0-B08F-33EB6C8607C0",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0943CCEB-1EA4-489B-9E62-631046B1A4AA",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B728650B-131B-43FD-A7F2-DAE8DAF781C6",
"versionEndExcluding": "10.0.0",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker\u0026nbsp;to conduct a reflected XSS attack through an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de inicio de sesi\u00f3n \u00fanico (SSO) SAML 2.0 de Cisco Secure Firewall ASA Software y Cisco Secure Firewall Threat Defense (FTD) Software podr\u00eda permitir a un atacante remoto no autenticado realizar un ataque de cross-site scripting (XSS) contra la funci\u00f3n SAML y acceder a informaci\u00f3n sensible basada en el navegador.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de m\u00faltiples par\u00e1metros HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad persuadiendo a un usuario para que acceda a un enlace malicioso. Un exploit exitoso podr\u00eda permitir al atacante realizar un ataque XSS reflejado a trav\u00e9s de un dispositivo afectado."
}
],
"id": "CVE-2026-20102",
"lastModified": "2026-06-17T10:17:06.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-20102",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T18:09:12.628315Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-03-04T18:16:25.620",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…