a

News

Cisco Secure Firewall Management Center Critical Vulnerabilities

5 Mar 2026

Overview

  • CVE: CVE-2026-20079, CVE-2026-20131

  • Severity: Critical

  • Date: 05 March 2026

Summary

Cisco has released security advisories for two critical vulnerabilities affecting Cisco Secure Firewall Management Center (FMC). Both vulnerabilities allow unauthenticated, remote attackers to obtain root-level access to affected devices via the web-based management interface. Immediate remediation is strongly recommended.

Affected Version

  • Cisco Secure Firewall Management Center (FMC) Software

Vulnerability Breakdown
CVE-2026-20079 - Improper System Process

  • Severity: Critical

  • CVSS: 10.0

  • Description: A vulnerability in the web interface of FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files. The issue is due to an improper system process created at boot time.

  • Impact: Successful exploitation could allow execution of scripts and commands, resulting in root access to the underlying operating system.

  • Conditions: Remote access to the FMC web interface; no authentication required.

CVE-2026-20131 - Insecure Deserialisation

  • Severity: Critical

  • CVSS: 10.0

  • Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to execute arbitrary Java code as root. The vulnerability is due to insecure deserialisation of a user-supplied Java byte stream.

  • Impact: Successful exploitation could allow arbitrary code execution and privilege escalation to root.

  • Conditions: Remote access to the FMC web interface; no authentication required.

  • Note: If the FMC management interface is not exposed to the public internet, the attack surface is reduced.

Mitigation

  • Upgrade affected Cisco Secure Firewall Management Center systems to the fixed software versions provided in Cisco’s advisories.

  • Restrict exposure of the FMC web-based management interface, particularly from untrusted or public networks.

  • Review access controls for management interfaces until patching is completed.

Summary for IT Teams

  • Product: Cisco Secure Firewall Management Center (FMC)

  • Threat Level: Critical

  • Risk: Unauthenticated remote root access and arbitrary code execution

  • Action Required:

    • Identify exposed FMC instances.

    • Upgrade to Cisco’s fixed releases immediately.

    • Restrict public or untrusted network access to the FMC web interface.

Reference
Need Help?

If your organisation needs assistance assessing or patching your environment, the Secure ISS SOC team is ready to help. Please get in touch on 1300 769 460 or email us.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Contact US

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Contact US

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Contact US