Description
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition.

This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Published: 2026-03-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via device reload
Action: Patch
AI Analysis

Impact

A flaw in Cisco Secure Firewall Threat Defense Software allows an authenticated local user to send crafted commands through the command‑line interface, causing the device to unexpectedly reload and resulting in a denial‑of‑service condition. The weakness is rooted in improper input validation, and it is classified as CWE‑476.

Affected Systems

Cisco’s Secure Firewall Threat Defense (FTD) Software is affected. No specific version range is listed in the advisory, so the scope of vulnerable releases is presently unknown.

Risk and Exploitability

The CVSS base score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a currently low exploitation probability. The vulnerability requires an authenticated local user with low privileges; no remote or unauthenticated access is needed. Because the device can be forced to reload, an attacker could disrupt firewall operations, leading to a temporary denial of service for the protected network.

Generated by OpenCVE AI on April 16, 2026 at 13:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the most recent Cisco Secure Firewall Threat Defense software update that contains the command‑injection fix.
  • Restrict CLI access to users with administrative roles only, removing or disabling low‑privilege accounts that can enter commands.
  • Configure monitoring to detect abnormal reload events and set up alerts for unexpected restarts.

Generated by OpenCVE AI on April 16, 2026 at 13:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Title Local Command Injection Leading to Device Reload and DoS

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco secure Firewall Threat Defense
Vendors & Products Cisco
Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Secure Firewall Threat Defense
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T19:05:59.053Z

Reserved: 2025-10-08T11:59:15.357Z

Link: CVE-2026-20064

cve-icon Vulnrichment

Updated: 2026-03-04T19:05:52.671Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-04T19:16:16.003

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20064

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:15:06Z

Weaknesses