CVE-2026-20016Argument Injection in Cisco Secure Firewall Threat Defense Software

CWE-88Argument InjectionCWE-250Execution with Unnecessary PrivilegesCWE-476NULL Pointer Dereference4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.0%
top 99.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Firewall Threat Defense Software
Timeline
PublishedMar 4

Description

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerab

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2026-20016: A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, lo2026-03-04
GHSA
GHSA-f74q-99mf-mmj8: A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, lo2026-03-04

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities2026-03-04
CVE-2026-20016 — Argument Injection in Cisco | cvebase