Cisco Secure FTD CLI: Local Privilege Escalation via Command Injection
CVE-2026-20063 Published on March 4, 2026
Cisco Secure FTD Software Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.
This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Vulnerability Analysis
CVE-2026-20063 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2026-20063 has been classified to as an Argument Injection vulnerability or weakness.
Affected Versions
Cisco Secure Firewall Threat Defense (FTD) Software:- Version 7.6.0 is affected.
- Version 7.7.0 is affected.
- Version 7.6.1 is affected.
- Version 7.6.2 is affected.
- Version 7.7.10 is affected.
- Version 7.6.2.1 is affected.
- Version 7.7.10.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.