{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:22:45.484","vulnerabilities":[{"cve":{"id":"CVE-2026-20017","sourceIdentifier":"psirt@cisco.com","published":"2026-03-04T18:16:16.140","lastModified":"2026-03-05T19:39:11.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as&nbsp;root."},{"lang":"es","value":"Una vulnerabilidad en la CLI de Cisco Secure FTD Software podría permitir a un atacante autenticado y local ejecutar comandos arbitrarios en el sistema operativo subyacente como root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas válidas en un dispositivo afectado.\n\nEsta vulnerabilidad se debe a una validación de entrada insuficiente de los argumentos de comando proporcionados por el usuario. Un atacante podría explotar esta vulnerabilidad al enviar una entrada manipulada para un comando CLI específico. Un exploit exitoso podría permitir al atacante ejecutar comandos en el sistema operativo subyacente como root."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-250"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmd-inj-mTzGZexf","source":"psirt@cisco.com"}]}}]}