Cisco ASA
Cisco · Network / Security
0/100 Critical · exploited
Summary
Plain-English security verdict for Cisco ASA, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Cisco ASA currently scores 0/100 — critical, with active exploitation. 13 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2020-3452. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend
New CVEs published for Cisco ASA each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: new CVEs per year, '19 through '26; bar values not preserved]
⚠ 3 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE | Severity | Status | Weakness | EPSS | Fixed in
CVE-2020-3452 | HIGH | exploited | Improper input validation | 94% | 9.14.1.10
CVE-2018-0296 | HIGH | exploited | Improper input validation | 94% | 9.9.2.1
CVE-2020-3580 | MEDIUM | exploited, ransomware | Cross-site scripting (XSS) | 93% | 9.15.1.15
CVE-2016-6366 | HIGH | exploited | Buffer overflow | 91% | 9.6.1(11)
CVE-2014-2120 | MEDIUM | exploited | Cross-site scripting (XSS) | 75% | see advisory
CVE-2020-3259 | HIGH | exploited, ransomware | Information disclosure | 70% | 9.13.1.10
CVE-2025-20362 | MEDIUM | exploited | Missing authorization | 43% | 9.23.1.19
CVE-2025-20333 | CRITICAL | exploited | Buffer overflow | 27% | 9.22.1.3
CVE-2024-20353 | HIGH | exploited | CWE-835 | 19% | see advisory
CVE-2016-6367 | HIGH | exploited | Command injection | 19% | 9.0(1)
CVE-2024-20481 | MEDIUM | exploited | CWE-772 | 11% | see advisory
CVE-2023-20269 | MEDIUM | exploited, ransomware | CWE-288 | 1% | see advisory
ℹ lifecycle unknown — needs latest supported version