Cisco.ASA.FTD.webvpn_files.Security.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense.
The vulnerability is caused by improper validation of user-supplied data when the vulnerable application handles a maliciously crafted request. Successful exploitation could allow the attacker to bypass security checks on vulnerable systems.

Outbreak Alert

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software have been actively exploited in the wild. The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. This activity presents a significant risk to victim networks.

Affected Products

Cisco ASA software release 9.12 - versions prior to 9.12.4.72
Cisco ASA software release 9.14 - versions prior to 9.14.4.28
Cisco ASA software release 9.16 - versions prior to 9.16.4.85
Cisco ASA software release 9.17 - versions prior to 9.17.1.45
Cisco ASA software release 9.18 - versions prior to 9.18.4.67
Cisco ASA software release 9.19 - versions prior to 9.19.1.42
Cisco ASA software release 9.20 - versions prior to 9.20.4.10
Cisco ASA software release 9.22 - versions prior to 9.22.2.14
Cisco ASA software release 9.23 - versions prior to 9.23.1.19
Cisco FTD software release 7.0 - versions prior to 7.0.8.1
Cisco FTD software release 7.1 - all versions
Cisco FTD software release 7.2 - versions prior to 7.2.10.2
Cisco FTD software release 7.3 - all versions
Cisco FTD software release 7.4 - versions prior to 7.4.2.4
Cisco FTD software release 7.6 - versions prior to 7.6.2.1
Cisco FTD software release 7.7 - versions prior to 7.7.10.1

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Status    Detail
2026-01-12  35.148   Modified  Sig Added
2025-12-18  35.137   Modified  Default_action:pass:drop
2025-12-05  35.128   New