CVE-2026-20062 - Vulnerability Details

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.

This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.

Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

affected

Version	Status	Constraints
`9.17.1`	affected	—
`9.17.1.7`	affected	—
`9.17.1.9`	affected	—
`9.17.1.10`	affected	—
`9.17.1.11`	affected	—
`9.17.1.13`	affected	—
`9.17.1.15`	affected	—
`9.17.1.20`	affected	—
`9.17.1.30`	affected	—
`9.17.1.33`	affected	—
`9.17.1.39`	affected	—
`9.17.1.45`	affected	—
`9.17.1.46`	affected	—
`9.18.1`	affected	—
`9.18.1.3`	affected	—
`9.18.2`	affected	—
`9.18.2.5`	affected	—
`9.18.2.7`	affected	—
`9.18.2.8`	affected	—
`9.18.3`	affected	—
`9.18.3.39`	affected	—
`9.18.3.46`	affected	—
`9.18.3.53`	affected	—
`9.18.3.55`	affected	—
`9.18.3.56`	affected	—
`9.18.4`	affected	—
`9.18.4.5`	affected	—
`9.18.4.8`	affected	—
`9.18.4.22`	affected	—
`9.18.4.24`	affected	—
`9.18.4.29`	affected	—
`9.18.4.34`	affected	—
`9.18.4.40`	affected	—
`9.18.4.47`	affected	—
`9.18.4.50`	affected	—
`9.18.4.52`	affected	—
`9.18.4.53`	affected	—
`9.18.4.57`	affected	—
`9.19.1`	affected	—
`9.19.1.5`	affected	—
`9.19.1.9`	affected	—
`9.19.1.12`	affected	—
`9.19.1.18`	affected	—
`9.19.1.22`	affected	—
`9.19.1.24`	affected	—
`9.19.1.27`	affected	—
`9.19.1.28`	affected	—
`9.19.1.31`	affected	—
`9.19.1.37`	affected	—
`9.19.1.38`	affected	—
`9.19.1.42`	affected	—
`9.20.1`	affected	—
`9.20.1.5`	affected	—
`9.20.2`	affected	—
`9.20.2.10`	affected	—
`9.20.2.21`	affected	—
`9.20.2.22`	affected	—
`9.20.3`	affected	—
`9.20.3.4`	affected	—
`9.20.3.7`	affected	—
`9.20.3.9`	affected	—
`9.20.3.10`	affected	—
`9.20.3.13`	affected	—
`9.20.3.16`	affected	—
`9.20.3.20`	affected	—
`9.22.1.1`	affected	—
`9.22.1.3`	affected	—
`9.22.1.2`	affected	—
`9.22.1.6`	affected	—
`9.22.2`	affected	—
`9.22.2.4`	affected	—
`9.23.1`	affected	—
`9.23.1.3`	affected	—

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE

History

Wed, 04 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context. Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.
Weaknesses		CWE-279
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-04T17:22:20.912Z

Updated: 2026-03-04T17:22:20.912Z

Reserved: 2025-10-08T11:59:15.356Z

Link: CVE-2026-20062

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-04T18:16:20.910

Modified: 2026-03-04T18:16:20.910

Link: CVE-2026-20062

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-279

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object