VDB
GCVE-110-NCSC-2026-77
GCVE-110-NCSC-2026-77
Advisory PublishedCVSS 6.5/10
A vulnerability in Cisco Secure Firewall ASA's SSH key-based authentication allows an unauthenticated remote attacker with a valid username and public key to log in and execute commands as that user without the private key, excluding root access.
Weaknesses (CWE)
CWE-388-CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-330Use of Insufficiently Random ValuesCWE-20Improper Input ValidationCWE-284Improper Access ControlCWE-27Path Traversal: 'dir/../../filename'CWE-401Missing Release of Memory after Effective LifetimeCWE-279Incorrect Execution-Assigned PermissionsCWE-248Uncaught ExceptionCWE-244Improper Clearing of Heap Memory Before Release ('Heap Inspection')CWE-823Use of Out-of-range Pointer OffsetCWE-404Improper Resource Shutdown or ReleaseCWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-138Improper Neutralization of Special ElementsCWE-250Execution with Unnecessary PrivilegesCWE-131Incorrect Calculation of Buffer SizeCWE-190Integer Overflow or WraparoundCWE-772Missing Release of Resource after Effective LifetimeCWE-770Allocation of Resources Without Limits or ThrottlingCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-269Improper Privilege ManagementCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds WriteCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-788Access of Memory Location After End of Buffer
Risk Scores
CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Cisco | vers:unknown/* | — | — |
Aliases
CVE-2024-20340CVE-2024-20358CVE-2026-20001CVE-2026-20002CVE-2026-20003CVE-2026-20006CVE-2026-20007CVE-2026-20008CVE-2026-20009CVE-2026-20013CVE-2026-20014CVE-2026-20015CVE-2026-20016CVE-2026-20017CVE-2026-20018CVE-2026-20020CVE-2026-20021CVE-2026-20022CVE-2026-20023CVE-2026-20024CVE-2026-20025CVE-2026-20031CVE-2026-20039CVE-2026-20044CVE-2026-20049CVE-2026-20050CVE-2026-20052CVE-2026-20062CVE-2026-20063CVE-2026-20064CVE-2026-20069CVE-2026-20070CVE-2026-20073CVE-2026-20082CVE-2026-20100CVE-2026-20101CVE-2026-20102CVE-2026-20103CVE-2026-20105CVE-2026-20106
References
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.