Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

Priority: Monitor | CVSS 5.3 | Cisco advisory ID: cisco-sa-asa-ssh-keybypass-cr5xPUSf | Published: Mar 4, 2026
Vendor: Cisco | Sectors: Energy, Manufacturing
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
  Attack vector:     Network
  Auth required:     None
  Complexity:        Low
  User interaction:  None needed
Summary

A vulnerability in the SSH key-based authentication implementation in Cisco Secure Firewall ASA Software allows an unauthenticated, remote attacker to log in to an affected device without possessing the private SSH key that corresponds to a configured public key. The flaw is due to insufficient validation of user input during SSH authentication. An attacker needs only a valid username and the public key associated with that user to bypass authentication and execute commands with that user's privileges. This affects all versions of Firepower 2100, 1000, 3000 ISA, 9000, 4100 Series and ASAv, as well as Secure Firewall 3100, 4200, and 1200 Series appliances. Successful exploitation does not grant root access, and the AAA auto-enable command is not affected.

What this means
What could happen
An attacker with network access to SSH on your firewall appliance could log in as a configured user without that user's private key, executing commands with that user's privileges and, if the account is administrative, modifying firewall rules or configuration.
Who's at risk
Energy and manufacturing organizations using Cisco Secure Firewall appliances (Firepower or Secure Firewall series) as network perimeter devices. This includes Firepower 2100, 1000, 3000 (ISA), 9000, 4100 Series, ASAv, and Secure Firewall 3100, 4200, 1200 Series appliances.
How it could be exploited
The attacker opens an SSH connection to port 22 on the firewall and submits crafted input during the authentication phase. Because key validation is insufficient, authentication succeeds with only a valid username and that user's public key; the private key is never required. Public keys are not secret by design, so they may be available from configuration backups, key-management repositories or the user's other systems.
Prerequisites
  • Network access to SSH port 22 on the firewall
  • Knowledge of a valid username on the firewall
  • Access to the public SSH key of that user
Tags: Remotely exploitable | No authentication required | Low complexity attack | Affects firewall management access
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (9, all with a fix available)

Product                                            Affected versions   Fix status
Firepower 2100 Series                              All versions        Fix available
Firepower 1000 Series                              All versions        Fix available
3000 Series Industrial Security Appliances (ISA)   All versions        Fix available
Firepower 9000 Series                              All versions        Fix available
Firepower 4100 Series                              All versions        Fix available
Adaptive Security Virtual Appliance (ASAv)         All versions        Fix available
Secure Firewall 3100 Series                        All versions        Fix available
Secure Firewall 4200 Series                        All versions        Fix available
Secure Firewall 1200 Series                        All versions        Fix available
Remediation & Mitigation
Do now
HARDENING: Restrict SSH access to the firewall management interface to authorized administrators only, using network access controls or firewall rules
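The two conditions that matter for this advisory are visible in an ASA running-config: which accounts have an SSH public key on file (the accounts an attacker could target with only the username and that key) and which source networks the `ssh` access rules admit. The following audit script is an added example, not code from the original page, Cisco or OTPulse. It parses two constructed config fragments: one with SSH open to any address on two interfaces, and the same device with the "Do now" hardening applied. The command shapes it recognises (`ssh <addr> <mask> <nameif>`, `username <name> attributes` followed by an indented `ssh authentication publickey ... hashed` line, and `aaa authorization exec ... auto-enable`) are assumed from ASA's documented CLI; the /24 threshold for "wide" access is an arbitrary choice, the key fingerprints are placeholders, and IPv6 `ssh` entries are not handled.

```python
"""Audit a Cisco ASA running-config for the SSH exposure conditions above.

Added example, not from Cisco or OTPulse. Sample configs are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: SSH reachable from anywhere on two interfaces and two
# accounts with public keys configured (fingerprints are placeholders).
WEAK_CONFIG = """\
hostname edge-fw
username netops attributes
 ssh authentication publickey 7f:2d:0a:91:c4:3b:e8:55:1e:6a:b2:9d:04:c7:38:f1:2b:8e:a0:5c:d3:47:19:e6:b8:0f:62:9a:cd:51:7e:33 hashed
username auditor attributes
 ssh authentication publickey 0c:4e:92:a7:61:d8:3f:b5:e0:27:8c:49:f6:1b:d2:73:5a:e9:0d:84:c1:36:7b:a8:f2:5d:10:9e:64:cb:2f:87 hashed
username svc-backup password $sha512$5000$AAAAAAAA$BBBBBBBB pbkdf2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 management
ssh version 2
ssh key-exchange group dh-group14-sha256
aaa authentication ssh console LOCAL
"""

# Same device after the hardening step: SSH only from the management subnet,
# only on the management interface.
HARDENED_CONFIG = WEAK_CONFIG.replace(
    "ssh 0.0.0.0 0.0.0.0 outside\nssh 0.0.0.0 0.0.0.0 management\n",
    "ssh 10.10.0.0 255.255.255.0 management\n",
)

USER_ATTR_RE = re.compile(r"^username (\S+) attributes$")
PUBKEY_RE = re.compile(r"^ ssh authentication (publickey|pkf)\b")
SSH_ACCESS_RE = re.compile(r"^ssh (\S+) (\S+) (\S+)$")
AUTO_ENABLE_RE = re.compile(r"^aaa authorization exec \S+ auto-enable$")
WIDE_PREFIX = 24  # assumption: anything broader than a /24 is reported


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or INFO
    detail: str


@dataclass
class SshAudit:
    pubkey_users: list[str] = field(default_factory=list)
    ssh_access: list[tuple[str, str]] = field(default_factory=list)  # (network, nameif)
    auto_enable: bool = False
    findings: list[Finding] = field(default_factory=list)


def audit_ssh_exposure(config: str) -> SshAudit:
    """Walk the config once, tracking the current 'username ... attributes' block."""
    audit = SshAudit()
    current_user = None
    for line in config.splitlines():
        if not line.startswith(" "):
            current_user = None  # any top-level command ends the attributes block
        m = USER_ATTR_RE.match(line)
        if m:
            current_user = m.group(1)
            continue
        if current_user and PUBKEY_RE.match(line):
            if current_user not in audit.pubkey_users:
                audit.pubkey_users.append(current_user)
            continue
        if AUTO_ENABLE_RE.match(line):
            audit.auto_enable = True
            continue
        m = SSH_ACCESS_RE.match(line)
        if not m:
            continue
        addr, mask, nameif = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # "ssh version 2", "ssh key-exchange ..." are not access rules
        audit.ssh_access.append((str(net), nameif))
        if net.prefixlen == 0:
            audit.findings.append(Finding("HIGH", f"SSH reachable from any address on {nameif}"))
        elif net.prefixlen < WIDE_PREFIX:
            audit.findings.append(Finding("MEDIUM", f"SSH reachable from {net} on {nameif}"))
    for user in audit.pubkey_users:
        audit.findings.append(Finding("INFO", f"account {user} has an SSH public key configured"))
    return audit


def is_exposed(audit: SshAudit) -> bool:
    """Both preconditions present: a key-authenticated account and unrestricted SSH reach."""
    return bool(audit.pubkey_users) and any(f.severity == "HIGH" for f in audit.findings)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_ssh_exposure(cfg)
        print(f"[{label}] exposed={is_exposed(result)} auto_enable={result.auto_enable}")
        for f in result.findings:
            print(f"  {f.severity:6} {f.detail}")
```

Feed it the output of `show running-config` from each appliance; a HIGH finding next to an INFO finding is the combination to fix first. Restricting the `ssh` source ranges removes the network reach, and the listed accounts are the ones whose usernames and public keys should be treated as sensitive until the hotfix is applied.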
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Firepower 2100 Series
HOTFIX: Update Firepower 2100 Series to a patched version released in March 2026 or later
Firepower 1000 Series
HOTFIX: Update Firepower 1000 Series to a patched version released in March 2026 or later
3000 Series Industrial Security Appliances (ISA)
HOTFIX: Update Firepower 3000 Series Industrial Security Appliances to a patched version released in March 2026 or later
Firepower 9000 Series
HOTFIX: Update Firepower 9000 Series to a patched version released in March 2026 or later
Firepower 4100 Series
HOTFIX: Update Firepower 4100 Series to a patched version released in March 2026 or later
Adaptive Security Virtual Appliance (ASAv)
HOTFIX: Update Adaptive Security Virtual Appliance (ASAv) to a patched version released in March 2026 or later
Secure Firewall 3100 Series
HOTFIX: Update Secure Firewall 3100 Series to a patched version released in March 2026 or later
Secure Firewall 4200 Series
HOTFIX: Update Secure Firewall 4200 Series to a patched version released in March 2026 or later
Secure Firewall 1200 Series
HOTFIX: Update Secure Firewall 1200 Series to a patched version released in March 2026 or later
API: /api/v1/advisories/df7d21c3-418d-457d-ac14-98822f1c298d


Source: OTPulse (advisory rated CVSS 5.3)