CVE-2026-20064
Received Received - Intake

Improper Input Validation in Cisco FTD Causes DoS

Vulnerability report for CVE-2026-20064, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-04

Last updated on: 2026-04-28

Assigner: Cisco Systems, Inc.

Description

A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-04
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-03-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 76 associated CPEs
Vendor Product Version / Range
cisco firepower_threat_defense_software 6.2.3
cisco firepower_threat_defense_software 6.4.0
cisco firepower_threat_defense_software 6.4.0.1
cisco firepower_threat_defense_software 6.4.0.3
cisco firepower_threat_defense_software 6.4.0.2
cisco firepower_threat_defense_software 6.4.0.4
cisco firepower_threat_defense_software 6.4.0.5
cisco firepower_threat_defense_software 6.4.0.6
cisco firepower_threat_defense_software 6.4.0.7
cisco firepower_threat_defense_software 6.4.0.8
cisco firepower_threat_defense_software 6.4.0.9
cisco firepower_threat_defense_software 6.4.0.10
cisco firepower_threat_defense_software 6.4.0.11
cisco firepower_threat_defense_software 6.4.0.12
cisco firepower_threat_defense_software 6.4.0.13
cisco firepower_threat_defense_software 6.4.0.14
cisco firepower_threat_defense_software 6.4.0.15
cisco firepower_threat_defense_software 6.4.0.16
cisco firepower_threat_defense_software 6.4.0.17
cisco firepower_threat_defense_software 7.0.0
cisco firepower_threat_defense_software 7.0.0.1
cisco firepower_threat_defense_software 7.0.1
cisco firepower_threat_defense_software 7.0.1.1
cisco firepower_threat_defense_software 7.0.2
cisco firepower_threat_defense_software 7.0.2.1
cisco firepower_threat_defense_software 7.0.3
cisco firepower_threat_defense_software 7.0.4
cisco firepower_threat_defense_software 7.0.5
cisco firepower_threat_defense_software 7.0.6
cisco firepower_threat_defense_software 7.0.6.1
cisco firepower_threat_defense_software 7.1.0
cisco firepower_threat_defense_software 7.1.0.1
cisco firepower_threat_defense_software 7.1.0.2
cisco firepower_threat_defense_software 7.1.0.3
cisco firepower_threat_defense_software 7.2.0
cisco firepower_threat_defense_software 7.2.0.1
cisco firepower_threat_defense_software 7.2.1
cisco firepower_threat_defense_software 7.2.2
cisco firepower_threat_defense_software 7.2.3
cisco firepower_threat_defense_software 7.2.4
cisco firepower_threat_defense_software 7.2.4.1
cisco firepower_threat_defense_software 7.2.5
cisco firepower_threat_defense_software 7.2.5.1
cisco firepower_threat_defense_software 7.3.0
cisco firepower_threat_defense_software 7.3.1
cisco firepower_threat_defense_software 7.3.1.1
cisco firepower_threat_defense_software 7.4.0
cisco firepower_threat_defense_software 7.4.1
cisco firepower_threat_defense_software 7.4.1.1
cisco firepower_threat_defense_software 7.3.1.2
cisco firepower_threat_defense_software 7.2.8.1
cisco firepower_threat_defense_software 7.2.8
cisco firepower_threat_defense_software 7.2.5.2
cisco firepower_threat_defense_software 7.2.7
cisco firepower_threat_defense_software 7.2.6
cisco firepower_threat_defense_software 7.0.6.2
cisco firepower_threat_defense_software 6.4.0.18
cisco firepower_threat_defense_software 7.4.2
cisco firepower_threat_defense_software 7.0.6.3
cisco firepower_threat_defense_software 7.0.7
cisco firepower_threat_defense_software 7.0.8
cisco firepower_threat_defense_software 7.0.8.1
cisco firepower_threat_defense_software 7.2.9
cisco firepower_threat_defense_software 7.4.2.1
cisco firepower_threat_defense_software 7.4.2.2
cisco firepower_threat_defense_software 7.4.2.3
cisco firepower_threat_defense_software 7.4.2.4
cisco firepower_threat_defense_software 7.6.0
cisco firepower_threat_defense_software 7.7.0
cisco firepower_threat_defense_software 7.2.10
cisco firepower_threat_defense_software 7.2.10.2
cisco firepower_threat_defense_software 7.6.1
cisco firepower_threat_defense_software 7.6.2
cisco firepower_threat_defense_software 7.6.2.1
cisco firepower_threat_defense_software 7.7.10
cisco firepower_threat_defense_software 7.7.10.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

I don't know

Mitigation Strategies

I don't know

Compliance Impact

I don't know

Executive Summary

This vulnerability exists in Cisco Secure Firewall Threat Defense (FTD) Software and allows an authenticated local attacker with low privileges to cause the device to unexpectedly reload.

The issue arises from improper validation of user-supplied input, which can be exploited by using specially crafted commands at the command-line interface (CLI) prompt.

Successful exploitation results in the device reloading unexpectedly, leading to a denial of service (DoS) condition.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition on the affected Cisco Secure Firewall Threat Defense device.

An attacker with low-privileged access can cause the device to reload unexpectedly, which can disrupt network security operations and potentially cause downtime.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20064. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart