6.0

Cisco Secure FTD Software allows local attackers to execute arbitrary commands

CVE-2026-20017
Summary

An attacker with valid admin credentials on a Cisco Secure FTD device can run unauthorized system commands as the root user. This matters because it lets the attacker gain elevated privileges and potentially take control of the system. To mitigate this risk, keep your Cisco Secure FTD software up to date with the latest patches and restrict administrative access to authorized personnel only.

Original title
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulner...
Original description
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.

This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
NVD CVSS 3.1: 6.0
Vulnerability type
CWE-250
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026