
3 actively exploited

Cisco ASA 9.9(2)59: known CVEs & fixed releases

4 CVEs affect this build · 3 in CISA KEV (actively exploited) · highest CVSS 7.5 · 8 builds behind the latest 9.9(2)235 · updated 2026-06-23

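Patch path: within the 9.9(2) train, the exploited issues below are fixed in 9.9(2)67 (CVE-2020-3259), 9.9(2)74 (CVE-2020-3452) and 9.9(2)85 (CVE-2020-3580). Upgrade to 9.9(2)85 or later to clear all three.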

  • KEV · exploited HIGH
    CVE-2020-3452

    Cisco ASA and FTD Read-Only Path Traversal Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

    CVSS 7.5 · EPSS 100% · KEV added 2021-11-03 · Published 2020-07-22

    Fixed in 9.10(1)42, 9.12(3)12, 9.13(1)10, 9.14(1)10, 9.6(4)42, 9.8(4)20, 9.9(2)74
  • KEV · exploited MEDIUM
    CVE-2020-3580

    Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.

    CVSS 6.1 · EPSS 85% · KEV added 2021-11-03 · Published 2020-10-21

    Fixed in 9.12(4)13, 9.13(1)21, 9.14(2)8, 9.15(1)15, 9.8(4)34, 9.9(2)85
  • KEV · exploited HIGH
    CVE-2020-3259

    Cisco ASA and FTD Information Disclosure Vulnerability

    Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.

    CVSS 7.5 · EPSS 72% · KEV added 2024-02-15 · Published 2020-05-06

    Fixed in 9.10(1)40, 9.12(3)9, 9.13(1)10, 9.8(4)20, 9.9(2)67
  • CVE-2023-20081

    A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.

    CVSS 5.9 · EPSS 1% · Published 2023-03-23
