Ethical Hacking News
Cisco has issued a high-priority security advisory to address two critical vulnerabilities in its Secure Firewall Management Center (FMC) software, which could allow attackers to gain root access to managed firewalls. The vulnerabilities have been rated at 10.0 on the Common Vulnerability Scoring System (CVSS), indicating that they are highly critical and could have significant consequences for organizations that use Cisco FMC software.
Cisco has issued a high-priority security advisory for two critical vulnerabilities in its Secure Firewall Management Center (FMC) software.The first vulnerability (CVE-2026-20079) is an authentication bypass issue that allows unauthenticated remote attackers to execute scripts on affected devices.The second vulnerability (CVE-2026-20131) is a remote code execution issue that enables attackers to exploit insecure Java deserialization and execute arbitrary code as root.Both vulnerabilities have a CVSS score of 10.0, indicating they are highly critical and could have significant consequences for organizations using Cisco FMC software.Cisco recommends applying the updated software immediately, but it's an ongoing process requiring regular monitoring and updates to ensure firewalls remain secure.
Cisco has issued a high-priority security advisory to address two critical vulnerabilities in its Secure Firewall Management Center (FMC) software, which could allow attackers to gain root access to managed firewalls. The first vulnerability, tracked as CVE-2026-20079, is an authentication bypass issue that resides in the FMC's web interface and lets unauthenticated remote attackers bypass authentication and send crafted HTTP requests to execute scripts on an affected device.
The second vulnerability, tracked as CVE-2026-20131, is a remote code execution issue that resides in the FMC's web interface and allows unauthenticated remote attackers to exploit insecure Java deserialization and execute arbitrary code as root by sending a crafted serialized object. This vulnerability also impacts Cisco Security Cloud Control (SCC) Firewall Management.
The severity of both vulnerabilities has been rated at 10.0 on the Common Vulnerability Scoring System (CVSS), indicating that they are highly critical and could have significant consequences for organizations that use Cisco FMC software. The CVSS score is a widely accepted standard for measuring the severity of security vulnerabilities, with higher scores indicating greater potential risk.
Cisco has stated that it is not aware of any public disclosure or active exploitation of both vulnerabilities, but this does not necessarily mean that they are safe to ignore. In fact, the lack of public awareness and exploitation could make them even more critical, as organizations may be unaware of the risks associated with these vulnerabilities until it's too late.
In order to patch these vulnerabilities, Cisco has released updated software for FMC and SCC Firewall Management, which should be applied immediately. However, this is not a one-time fix, but rather an ongoing process that will require regular monitoring and updates to ensure that firewalls remain secure.
The impact of this vulnerability on organizations that use Cisco FMC software cannot be overstated. If successful, attackers could gain root access to managed firewalls, which would grant them control over the entire network, including sensitive data and critical infrastructure. This could lead to significant downtime, data breaches, and other consequences that could have long-term effects on an organization's reputation and bottom line.
In light of this new vulnerability, it is essential for organizations to take immediate action to patch their systems and ensure that they are not left vulnerable to attack. This will require a concerted effort from IT teams, security professionals, and management, as well as a willingness to invest time and resources into securing the organization's network infrastructure.
In conclusion, the discovery of this critical vulnerability in Cisco FMC software highlights the importance of ongoing vigilance and proactive measures when it comes to cybersecurity. Organizations must take these vulnerabilities seriously and take immediate action to patch their systems and protect themselves from potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-FMC-Vulnerabilities-A-Double-Whammy-for-Firewalls-ehn.shtml
https://securityaffairs.com/188921/security/cisco-fixes-maximum-severity-secure-fmc-bugs-threatening-firewall-security.html
https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
https://nvd.nist.gov/vuln/detail/CVE-2026-20079
https://www.cvedetails.com/cve/CVE-2026-20079/
https://nvd.nist.gov/vuln/detail/CVE-2026-20131
https://www.cvedetails.com/cve/CVE-2026-20131/
Published: Wed Mar 4 17:52:22 2026 by llama3.2 3B Q4_K_M
