製品・ソフトウェアに関する情報

JVN脆弱性詳細

シスコシステムズのAdaptive Security Appliance (ASA) Software等の複数製品における古典的バッファオーバーフローの脆弱性

Title	シスコシステムズのAdaptive Security Appliance (ASA) Software等の複数製品における古典的バッファオーバーフローの脆弱性
Summary	Cisco Secure Firewall Adaptive Security Appliance (ASA) ソフトウェアおよび Secure Firewall Threat Defense (FTD) ソフトウェアのリモートアクセス SSL VPN 機能に含まれる LUA インタプリタに脆弱性が存在します。この脆弱性により、有効な VPN 接続を持つ認証済みのリモート攻撃者がデバイスを予期せず再起動させ、サービス拒否（DoS）状態を引き起こす可能性があります。この脆弱性は管理用インターフェースや MUS インターフェースには影響しません。この問題は、LUA インタプリタがユーザー入力を検証せずに信頼していることが原因です。攻撃者は細工された HTTP パケットをリモートアクセス SSL VPN サーバーに送信することで、この脆弱性を悪用できます。成功した攻撃により、攻撃者はデバイスを再起動させて DoS 状態を引き起こすことが可能です。
Possible impacts	当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。また、当該ソフトウェアが扱う情報について、書き換えは発生しません。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃により、他のソフトウェアにも影響が及ぶ可能性があります。
Solution	正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 4, 2026, midnight
Registration Date	May 7, 2026, 11:30 a.m.
Last Update	May 7, 2026, 11:30 a.m.

CVSS3.0 : 重要
Score	7.7
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected System

シスコシステムズ

Adaptive Security Appliance (ASA) Software 9.12.1

Adaptive Security Appliance (ASA) Software 9.12.1.2

Adaptive Security Appliance (ASA) Software 9.12.1.3

Adaptive Security Appliance (ASA) Software 9.12.2

Adaptive Security Appliance (ASA) Software 9.12.2.1

Adaptive Security Appliance (ASA) Software 9.12.2.4

Adaptive Security Appliance (ASA) Software 9.12.2.5

Adaptive Security Appliance (ASA) Software 9.12.2.9

Adaptive Security Appliance (ASA) Software 9.12.3

Adaptive Security Appliance (ASA) Software 9.12.3.12

Adaptive Security Appliance (ASA) Software 9.12.3.2

Adaptive Security Appliance (ASA) Software 9.12.3.7

Adaptive Security Appliance (ASA) Software 9.12.3.9

Adaptive Security Appliance (ASA) Software 9.12.4

Adaptive Security Appliance (ASA) Software 9.12.4.10

Adaptive Security Appliance (ASA) Software 9.12.4.13

Adaptive Security Appliance (ASA) Software 9.12.4.18

Adaptive Security Appliance (ASA) Software 9.12.4.2

Adaptive Security Appliance (ASA) Software 9.12.4.24

Adaptive Security Appliance (ASA) Software 9.12.4.26

Adaptive Security Appliance (ASA) Software 9.12.4.29

Adaptive Security Appliance (ASA) Software 9.12.4.30

Adaptive Security Appliance (ASA) Software 9.12.4.35

Adaptive Security Appliance (ASA) Software 9.12.4.37

Adaptive Security Appliance (ASA) Software 9.12.4.38

Adaptive Security Appliance (ASA) Software 9.12.4.39

Adaptive Security Appliance (ASA) Software 9.12.4.4

Adaptive Security Appliance (ASA) Software 9.12.4.40

Adaptive Security Appliance (ASA) Software 9.12.4.41

Adaptive Security Appliance (ASA) Software 9.12.4.47

Adaptive Security Appliance (ASA) Software 9.12.4.48

Adaptive Security Appliance (ASA) Software 9.12.4.50

Adaptive Security Appliance (ASA) Software 9.12.4.52

Adaptive Security Appliance (ASA) Software 9.12.4.54

Adaptive Security Appliance (ASA) Software 9.12.4.55

Adaptive Security Appliance (ASA) Software 9.12.4.56

Adaptive Security Appliance (ASA) Software 9.12.4.58

Adaptive Security Appliance (ASA) Software 9.12.4.62

Adaptive Security Appliance (ASA) Software 9.12.4.65

Adaptive Security Appliance (ASA) Software 9.12.4.67

Adaptive Security Appliance (ASA) Software 9.12.4.7

Adaptive Security Appliance (ASA) Software 9.12.4.8

Adaptive Security Appliance (ASA) Software 9.16.1

Adaptive Security Appliance (ASA) Software 9.16.1.28

Adaptive Security Appliance (ASA) Software 9.16.2

Adaptive Security Appliance (ASA) Software 9.16.2.11

Adaptive Security Appliance (ASA) Software 9.16.2.13

Adaptive Security Appliance (ASA) Software 9.16.2.14

Adaptive Security Appliance (ASA) Software 9.16.2.3

Adaptive Security Appliance (ASA) Software 9.16.2.7

Adaptive Security Appliance (ASA) Software 9.16.3

Adaptive Security Appliance (ASA) Software 9.16.3.14

Adaptive Security Appliance (ASA) Software 9.16.3.15

Adaptive Security Appliance (ASA) Software 9.16.3.19

Adaptive Security Appliance (ASA) Software 9.16.3.23

Adaptive Security Appliance (ASA) Software 9.16.3.3

Adaptive Security Appliance (ASA) Software 9.16.4

Adaptive Security Appliance (ASA) Software 9.16.4.14

Adaptive Security Appliance (ASA) Software 9.16.4.19

Adaptive Security Appliance (ASA) Software 9.16.4.27

Adaptive Security Appliance (ASA) Software 9.16.4.38

Adaptive Security Appliance (ASA) Software 9.16.4.39

Adaptive Security Appliance (ASA) Software 9.16.4.42

Adaptive Security Appliance (ASA) Software 9.16.4.48

Adaptive Security Appliance (ASA) Software 9.16.4.55

Adaptive Security Appliance (ASA) Software 9.16.4.57

Adaptive Security Appliance (ASA) Software 9.16.4.61

Adaptive Security Appliance (ASA) Software 9.16.4.62

Adaptive Security Appliance (ASA) Software 9.16.4.67

Adaptive Security Appliance (ASA) Software 9.16.4.70

Adaptive Security Appliance (ASA) Software 9.16.4.71

Adaptive Security Appliance (ASA) Software 9.16.4.76

Adaptive Security Appliance (ASA) Software 9.16.4.82

Adaptive Security Appliance (ASA) Software 9.16.4.84

Adaptive Security Appliance (ASA) Software 9.16.4.9

Adaptive Security Appliance (ASA) Software 9.17.1

Adaptive Security Appliance (ASA) Software 9.17.1.10

Adaptive Security Appliance (ASA) Software 9.17.1.11

Adaptive Security Appliance (ASA) Software 9.17.1.13

Adaptive Security Appliance (ASA) Software 9.17.1.15

Adaptive Security Appliance (ASA) Software 9.17.1.20

Adaptive Security Appliance (ASA) Software 9.17.1.30

Adaptive Security Appliance (ASA) Software 9.17.1.33

Adaptive Security Appliance (ASA) Software 9.17.1.39

Adaptive Security Appliance (ASA) Software 9.17.1.45

Adaptive Security Appliance (ASA) Software 9.17.1.46

Adaptive Security Appliance (ASA) Software 9.17.1.7

Adaptive Security Appliance (ASA) Software 9.17.1.9

Adaptive Security Appliance (ASA) Software 9.18.1

Adaptive Security Appliance (ASA) Software 9.18.1.3

Adaptive Security Appliance (ASA) Software 9.18.2

Adaptive Security Appliance (ASA) Software 9.18.2.5

Adaptive Security Appliance (ASA) Software 9.18.2.7

Adaptive Security Appliance (ASA) Software 9.18.2.8

Adaptive Security Appliance (ASA) Software 9.18.3

Adaptive Security Appliance (ASA) Software 9.18.3.39

Adaptive Security Appliance (ASA) Software 9.18.3.46

Adaptive Security Appliance (ASA) Software 9.18.3.53

Adaptive Security Appliance (ASA) Software 9.18.3.55

Adaptive Security Appliance (ASA) Software 9.18.3.56

Adaptive Security Appliance (ASA) Software 9.18.4

Adaptive Security Appliance (ASA) Software 9.18.4.22

Adaptive Security Appliance (ASA) Software 9.18.4.24

Adaptive Security Appliance (ASA) Software 9.18.4.29

Adaptive Security Appliance (ASA) Software 9.18.4.34

Adaptive Security Appliance (ASA) Software 9.18.4.40

Adaptive Security Appliance (ASA) Software 9.18.4.47

Adaptive Security Appliance (ASA) Software 9.18.4.5

Adaptive Security Appliance (ASA) Software 9.18.4.50

Adaptive Security Appliance (ASA) Software 9.18.4.52

Adaptive Security Appliance (ASA) Software 9.18.4.53

Adaptive Security Appliance (ASA) Software 9.18.4.57

Adaptive Security Appliance (ASA) Software 9.18.4.8

Adaptive Security Appliance (ASA) Software 9.19.1

Adaptive Security Appliance (ASA) Software 9.19.1.12

Adaptive Security Appliance (ASA) Software 9.19.1.18

Adaptive Security Appliance (ASA) Software 9.19.1.22

Adaptive Security Appliance (ASA) Software 9.19.1.24

Adaptive Security Appliance (ASA) Software 9.19.1.27

Adaptive Security Appliance (ASA) Software 9.19.1.28

Adaptive Security Appliance (ASA) Software 9.19.1.31

Adaptive Security Appliance (ASA) Software 9.19.1.37

Adaptive Security Appliance (ASA) Software 9.19.1.38

Adaptive Security Appliance (ASA) Software 9.19.1.42

Adaptive Security Appliance (ASA) Software 9.19.1.5

Adaptive Security Appliance (ASA) Software 9.19.1.9

Adaptive Security Appliance (ASA) Software 9.20.1

Adaptive Security Appliance (ASA) Software 9.20.1.5

Adaptive Security Appliance (ASA) Software 9.20.2

Adaptive Security Appliance (ASA) Software 9.20.2.10

Adaptive Security Appliance (ASA) Software 9.20.2.21

Adaptive Security Appliance (ASA) Software 9.20.2.22

Adaptive Security Appliance (ASA) Software 9.20.3

Adaptive Security Appliance (ASA) Software 9.20.3.10

Adaptive Security Appliance (ASA) Software 9.20.3.13

Adaptive Security Appliance (ASA) Software 9.20.3.16

Adaptive Security Appliance (ASA) Software 9.20.3.20

Adaptive Security Appliance (ASA) Software 9.20.3.4

Adaptive Security Appliance (ASA) Software 9.20.3.7

Adaptive Security Appliance (ASA) Software 9.20.3.9

Adaptive Security Appliance (ASA) Software 9.22.1.1

Adaptive Security Appliance (ASA) Software 9.22.1.2

Adaptive Security Appliance (ASA) Software 9.22.1.3

Adaptive Security Appliance (ASA) Software 9.22.1.6

Adaptive Security Appliance (ASA) Software 9.22.2

Adaptive Security Appliance (ASA) Software 9.23.1

Adaptive Security Appliance (ASA) Software 9.23.1.3

Firepower Threat Defense (FTD) 6.4.0

Firepower Threat Defense (FTD) 6.4.0.1

Firepower Threat Defense (FTD) 6.4.0.10

Firepower Threat Defense (FTD) 6.4.0.11

Firepower Threat Defense (FTD) 6.4.0.12

Firepower Threat Defense (FTD) 6.4.0.13

Firepower Threat Defense (FTD) 6.4.0.14

Firepower Threat Defense (FTD) 6.4.0.15

Firepower Threat Defense (FTD) 6.4.0.16

Firepower Threat Defense (FTD) 6.4.0.17

Firepower Threat Defense (FTD) 6.4.0.18

Firepower Threat Defense (FTD) 6.4.0.2

Firepower Threat Defense (FTD) 6.4.0.3

Firepower Threat Defense (FTD) 6.4.0.4

Firepower Threat Defense (FTD) 6.4.0.5

Firepower Threat Defense (FTD) 6.4.0.6

Firepower Threat Defense (FTD) 6.4.0.7

Firepower Threat Defense (FTD) 6.4.0.8

Firepower Threat Defense (FTD) 6.4.0.9

Firepower Threat Defense (FTD) 7.0.0

Firepower Threat Defense (FTD) 7.0.0.1

Firepower Threat Defense (FTD) 7.0.1

Firepower Threat Defense (FTD) 7.0.1.1

Firepower Threat Defense (FTD) 7.0.2

Firepower Threat Defense (FTD) 7.0.2.1

Firepower Threat Defense (FTD) 7.0.3

Firepower Threat Defense (FTD) 7.0.4

Firepower Threat Defense (FTD) 7.0.5

Firepower Threat Defense (FTD) 7.0.6

Firepower Threat Defense (FTD) 7.0.6.1

Firepower Threat Defense (FTD) 7.0.6.2

Firepower Threat Defense (FTD) 7.0.6.3

Firepower Threat Defense (FTD) 7.0.7

Firepower Threat Defense (FTD) 7.0.8

Firepower Threat Defense (FTD) 7.0.8.1

Firepower Threat Defense (FTD) 7.1.0

Firepower Threat Defense (FTD) 7.1.0.1

Firepower Threat Defense (FTD) 7.1.0.2

Firepower Threat Defense (FTD) 7.1.0.3

Firepower Threat Defense (FTD) 7.2.0

Firepower Threat Defense (FTD) 7.2.0.1

Firepower Threat Defense (FTD) 7.2.1

Firepower Threat Defense (FTD) 7.2.10

Firepower Threat Defense (FTD) 7.2.10.2

Firepower Threat Defense (FTD) 7.2.2

Firepower Threat Defense (FTD) 7.2.3

Firepower Threat Defense (FTD) 7.2.4

Firepower Threat Defense (FTD) 7.2.4.1

Firepower Threat Defense (FTD) 7.2.5

Firepower Threat Defense (FTD) 7.2.5.1

Firepower Threat Defense (FTD) 7.2.5.2

Firepower Threat Defense (FTD) 7.2.6

Firepower Threat Defense (FTD) 7.2.7

Firepower Threat Defense (FTD) 7.2.8

Firepower Threat Defense (FTD) 7.2.8.1

Firepower Threat Defense (FTD) 7.2.9

Firepower Threat Defense (FTD) 7.3.0

Firepower Threat Defense (FTD) 7.3.1

Firepower Threat Defense (FTD) 7.3.1.1

Firepower Threat Defense (FTD) 7.3.1.2

Firepower Threat Defense (FTD) 7.4.0

Firepower Threat Defense (FTD) 7.4.1

Firepower Threat Defense (FTD) 7.4.1.1

Firepower Threat Defense (FTD) 7.4.2

Firepower Threat Defense (FTD) 7.4.2.1

Firepower Threat Defense (FTD) 7.4.2.2

Firepower Threat Defense (FTD) 7.4.2.3

Firepower Threat Defense (FTD) 7.4.2.4

Firepower Threat Defense (FTD) 7.6.0

Firepower Threat Defense (FTD) 7.6.1

Firepower Threat Defense (FTD) 7.6.2

Firepower Threat Defense (FTD) 7.6.2.1

Firepower Threat Defense (FTD) 7.7.0

Firepower Threat Defense (FTD) 7.7.10

Firepower Threat Defense (FTD) 7.7.10.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-20100	https://www.cve.org/CVERecord?id=CVE-2026-20100
National Vulnerability Database (NVD)
2	CVE-2026-20100	https://nvd.nist.gov/vuln/detail/CVE-2026-20100

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-120	https://cwe.mitre.org/data/definitions/120.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC

Change Log

No	Changed Details	Date of change
1	[2026年05月07日] 掲載	May 7, 2026, 11:30 a.m.