Katherine Askew

**Name of the Vulnerable Software and Affected Versions** Cisco Secure FTD Software (affected versions not specified) **Description** A flaw exists in the Command Line Interface (CLI) of Cisco Secure FTD Software that may allow a local attacker with administrative privileges to execute arbitrary commands on the operating system with root access. This is caused by inadequate validation of user-provided command arguments. An attacker could exploit this by submitting specially crafted input to a specific CLI command. Successful exploitation could lead to the execution of commands on the underlying operating system as root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure FTD Software (affected versions not specified) **Description** A flaw exists in the Command Line Interface (CLI) of Cisco Secure FTD Software that could allow a local attacker with administrative privileges to execute arbitrary commands on the operating system with root access. This is caused by inadequate validation of user-provided command arguments. An attacker could exploit this by submitting specially crafted input to a specific CLI command. Successful exploitation could lead to the execution of commands with root privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified) **Description** A flaw exists in Cisco Secure Firewall Threat Defense (FTD) Software that may allow a local attacker with authentication to trigger an unexpected device reload, leading to a denial of service (DoS) condition. The issue stems from insufficient validation of user-provided input. An attacker with limited privileges can exploit this by executing specially crafted commands through the command-line interface (CLI). Successful exploitation results in a DoS condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.