Local Auth Cmd Injection in Cisco Secure FTD CLI Root Exec
CVE-2026-20017 Published on March 4, 2026

Cisco Secure FTD Software Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

NVD

Vulnerability Analysis

CVE-2026-20017 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Affected Versions

Cisco Secure Firewall Threat Defense (FTD) Software:

Version 6.4.0.1 is affected.
Version 6.4.0.2 is affected.
Version 6.4.0.5 is affected.
Version 6.4.0 is affected.
Version 6.4.0.3 is affected.
Version 6.4.0.4 is affected.
Version 6.4.0.6 is affected.
Version 6.4.0.7 is affected.
Version 6.4.0.8 is affected.
Version 6.4.0.9 is affected.
Version 6.4.0.10 is affected.
Version 6.4.0.11 is affected.
Version 6.4.0.12 is affected.
Version 7.0.0 is affected.
Version 7.0.0.1 is affected.
Version 7.0.1 is affected.
Version 7.1.0 is affected.
Version 6.4.0.13 is affected.
Version 7.0.1.1 is affected.
Version 6.4.0.14 is affected.
Version 7.1.0.1 is affected.
Version 7.0.2 is affected.
Version 6.4.0.15 is affected.
Version 7.2.0 is affected.
Version 7.0.2.1 is affected.
Version 7.0.3 is affected.
Version 7.1.0.2 is affected.
Version 7.2.0.1 is affected.
Version 7.0.4 is affected.
Version 7.2.1 is affected.
Version 7.0.5 is affected.
Version 6.4.0.16 is affected.
Version 7.3.0 is affected.
Version 7.2.2 is affected.
Version 7.2.3 is affected.
Version 7.3.1 is affected.
Version 7.1.0.3 is affected.
Version 7.2.4 is affected.
Version 7.0.6 is affected.
Version 7.2.5 is affected.
Version 7.2.4.1 is affected.
Version 7.3.1.1 is affected.
Version 7.4.0 is affected.
Version 6.4.0.17 is affected.
Version 7.0.6.1 is affected.
Version 7.2.5.1 is affected.
Version 7.4.1 is affected.
Version 7.2.6 is affected.
Version 7.0.6.2 is affected.
Version 7.4.1.1 is affected.
Version 6.4.0.18 is affected.
Version 7.2.7 is affected.
Version 7.2.5.2 is affected.
Version 7.3.1.2 is affected.
Version 7.2.8 is affected.
Version 7.6.0 is affected.
Version 7.4.2 is affected.
Version 7.2.8.1 is affected.
Version 7.0.6.3 is affected.
Version 7.4.2.1 is affected.
Version 7.2.9 is affected.
Version 7.0.7 is affected.
Version 7.7.0 is affected.
Version 7.4.2.2 is affected.
Version 7.2.10 is affected.
Version 7.6.1 is affected.
Version 7.4.2.3 is affected.
Version 7.0.8 is affected.
Version 7.6.2 is affected.
Version 7.7.10 is affected.
Version 7.0.8.1 is affected.
Version 7.6.2.1 is affected.
Version 7.7.10.1 is affected.
Version 7.4.2.4 is affected.
Version 7.2.10.2 is affected.
Version 7.4.3 is affected.

Local Auth Cmd Injection in Cisco Secure FTD CLI Root ExecCVE-2026-20017 Published on March 4, 2026

Vulnerability Analysis

Weakness Type

Execution with Unnecessary Privileges

Affected Versions

Local Auth Cmd Injection in Cisco Secure FTD CLI Root Exec
CVE-2026-20017 Published on March 4, 2026