Description
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.

This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Published: 2026-03-04
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Root Command Injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the command line interface of Cisco Secure FTD Software, where insufficient validation of CLI command arguments permits an authenticated, local user to inject arbitrary commands that are executed on the device’s underlying operating system with root privileges. An attacker must have valid administrative credentials to exploit this flaw. The CVE description identifies the risk of executing arbitrary commands as root on the device, which could compromise the device’s confidentiality, integrity, and availability.

Affected Systems

Affected systems include Cisco Secure Firewall Threat Defense (FTD) Software installations. No specific version range is disclosed in the advisory, so all deployed FTD installations that have not applied any subsequent patch are potentially vulnerable. Administrators should verify whether their devices are running the affected build and check the vendor’s portal for the latest firmware or software update that remediates the issue.

Risk and Exploitability

The advisory assigns a medium CVSS score of 6.0 and an EPSS probability of less than 1%, indicating a relatively low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. However, because an attacker must first obtain administrative credentials, the threat is confined to privileged users or to situations where credentials can be compromised. If successful, the attacker can execute commands on the operating system as root, which carries a high impact on confidentiality, integrity, and availability of the network defended by the device.

Generated by OpenCVE AI on April 17, 2026 at 13:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Cisco Secure FTD Software patch that resolves the CLI command injection flaw.
  • If patching is not immediately possible, restrict CLI access to a narrow set of trusted administrators and enforce strong authentication policies, such as multi‑factor authentication.
  • Enable comprehensive logging and monitoring of CLI command usage to detect suspicious activity, and consider disabling or limiting the vulnerable command if feasible.


Advisories

No advisories yet.

History

Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Cisco; Cisco secure Firewall Threat Defense
Vendors & Products | | Cisco; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Title | | Cisco Secure FTD Software Authenticated Command Injection Vulnerability
Weaknesses | | CWE-88
References | |
Metrics | | cvssV3_1 {'score': 6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-05T04:55:51.683Z

Reserved: 2025-10-08T11:59:15.356Z

Link: CVE-2026-20063

Vulnrichment

Updated: 2026-03-04T21:00:54.666Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:21.170

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20063

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses