Cisco Secure Firewall Threat Defense Software up to 7.7.10.1 CLI command unnecessary privileges

Summaryinfo

A vulnerability was found in Cisco Secure Firewall Threat Defense Software. It has been classified as problematic. This affects an unknown function of the component CLI. This manipulation of the argument command causes unnecessary privileges. The identification of this vulnerability is CVE-2026-20017. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Cisco Secure Firewall Threat Defense Software. It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component CLI. The manipulation of the argument command with an unknown input leads to a unnecessary privileges vulnerability. The CWE definition for the vulnerability is CWE-250. The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

The advisory is shared at sec.cloudapps.cisco.com. This vulnerability is known as CVE-2026-20017 since 10/08/2025. The exploitation appears to be easy. An attack has to be approached locally. Additional levels of successful authentication are needed for exploitation. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

Upgrading eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• Secure Firewall Threat Defense Software

Version

• 6.4.0
• 6.4.0.1
• 6.4.0.2
• 6.4.0.3
• 6.4.0.4
• 6.4.0.5
• 6.4.0.6
• 6.4.0.7
• 6.4.0.8
• 6.4.0.9
• 6.4.0.10
• 6.4.0.11
• 6.4.0.12
• 6.4.0.13
• 6.4.0.14
• 6.4.0.15
• 6.4.0.16
• 6.4.0.17
• 6.4.0.18
• 7.0.0
• 7.0.0.1
• 7.0.1
• 7.0.1.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.6.1
• 7.0.6.2
• 7.0.6.3
• 7.0.7
• 7.0.8
• 7.0.8.1
• 7.1.0
• 7.1.0.1
• 7.1.0.2
• 7.1.0.3
• 7.2.0
• 7.2.0.1
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.4
• 7.2.4.1
• 7.2.5
• 7.2.5.1
• 7.2.5.2
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.8.1
• 7.2.9
• 7.2.10
• 7.2.10.2
• 7.3.0
• 7.3.1
• 7.3.1.1
• 7.3.1.2
• 7.4.0
• 7.4.1
• 7.4.1.1
• 7.4.2
• 7.4.2.1
• 7.4.2.2
• 7.4.2.3
• 7.4.2.4
• 7.4.3
• 7.6.0
• 7.6.1
• 7.6.2
• 7.6.2.1
• 7.7.0
• 7.7.10
• 7.7.10.1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion