Advisory ID: cisco-sa-ftd-shell-9rhJF68K

CVE ID: CVE-2020-3253

CWE ID: CWE-284

First Published: 2020 May 6 16:00 GMT

CVSS Score: Base 6.7

Vulnerability: Medium

Risk: This vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled.

Affected Products: At the time of publication, this vulnerability affected Cisco FTD Software releases earlier than Release 6.5.0.

Products Confirmed Not Vulnerable: Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software.

Workarounds: There are no workarounds that address this vulnerability.

Fixed Releases: At the time of publication, Cisco FTD Software releases 6.5.0 and later contained the fix for this vulnerability.

Exploitation and Public Announcements: The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source: This vulnerability was found during internal security testing.