Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Cisco Secure Firewall FTD Device Can Crash After Malicious Command
CVE-2026-20064
Summary
An attacker with a regular user account on a Cisco Secure Firewall FTD device can crash the system by entering a specially crafted command, causing it to shut down and become unavailable. This can happen when an authorized user tries to exploit a weakness in the way the device handles user input. Cisco recommends updating the software to the latest version to prevent this issue.
Original title
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) ...
Original description
A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
nvd CVSS3.1
6.5
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026