
Cisco Secure FTD Software CLI Allows Local Attackers to Run Commands as Root

CVE-2026-20063
Summary

An attacker with valid administrative credentials on a Cisco Secure FTD device can use the CLI to run arbitrary commands on the underlying operating system as root. This is a risk because root access to the operating system exposes sensitive system functions that the CLI is not meant to grant. Update the software to the latest version to prevent exploitation.

Original title
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulner...
Original description
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.

This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
NVD CVSS 3.1 score: 6.0
Vulnerability type
CWE-88
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026