Ethical Hacking News
U.S. CISA has added a critical flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog, warning that a critical remote code execution vulnerability is being exploited by an APT group known as Interlock. The vulnerability, tracked as CVE-2026-20131, is a zero-day RCE flaw in the web interface of Cisco Secure FMC that allows unauthenticated remote attackers to execute arbitrary code as root.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management to its Known Exploited Vulnerabilities catalog, highlighting the urgent need for organizations to patch this vulnerability as soon as possible.
The vulnerability, tracked as CVE-2026-20131, is a zero-day Remote Code Execution (RCE) flaw in the web interface of Cisco Secure FMC. An unauthenticated remote attacker can trigger it by sending a crafted serialized Java object to the web-based management interface of an affected device, and successful exploitation allows arbitrary code to be executed as root on the device.
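The attack vector described above is a Java object deserialized from an HTTP request body, so one defensive check a proxy or log pipeline in front of a management interface can make is whether a posted body begins with a Java serialization stream header. The following is an added example, not code from the article or from Cisco; the watched path prefixes and the sample requests are constructed placeholders, since the article does not name the affected endpoint.

```python
import base64

# Java serialization stream header: STREAM_MAGIC (0xACED) then STREAM_VERSION (0x0005).
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
JAVA_SER_MAGIC_B64 = "rO0AB"          # the same header once base64-encoded
JAVA_SER_MAGIC_URL = "%AC%ED%00%05"   # the same header once URL-encoded

# Management-interface path prefixes to watch. ASSUMED placeholders: the article
# does not name the vulnerable FMC endpoint, so adapt these to your deployment.
WATCHED_PREFIXES = ("/ui/", "/api/")

def body_carries_java_stream(body: bytes) -> bool:
    """True if a request body starts with a Java serialization header, raw or encoded."""
    if body.startswith(JAVA_SER_MAGIC):
        return True
    text = body.decode("ascii", errors="ignore").lstrip()
    return text.startswith(JAVA_SER_MAGIC_B64) or text.upper().startswith(JAVA_SER_MAGIC_URL)

def flag_requests(requests):
    """Return (method, path) for each request that posts a Java stream to a watched path.

    `requests` is an iterable of (method, path, body_bytes) tuples, for example
    reconstructed from a reverse-proxy capture in front of the management interface.
    Only POST bodies to watched prefixes are inspected; everything else is ignored.
    """
    flagged = []
    for method, path, body in requests:
        if method != "POST" or not path.startswith(WATCHED_PREFIXES):
            continue
        if body_carries_java_stream(body):
            flagged.append((method, path))
    return flagged

# Constructed sample traffic: a benign login, a raw stream, a base64-encoded stream,
# and a request outside the watched scope. The stream bodies carry only a header and
# a class descriptor for java.util.HashMap, nothing executable.
SAMPLE_REQUESTS = [
    ("POST", "/ui/login", b"username=admin&password=REDACTED"),
    ("POST", "/ui/upload", JAVA_SER_MAGIC + b"sr\x00\x11java.util.HashMap"),
    ("POST", "/api/import", base64.b64encode(JAVA_SER_MAGIC + b"sr\x00\x11java.util.HashMap")),
    ("GET", "/static/app.js", b""),
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("Java serialized object posted to", hit)
```

A hit is a signal to investigate, not proof of exploitation: legitimate Java clients of the interface may also post serialized objects, so baseline normal traffic before alerting on it.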
The Interlock APT group has been exploiting this critical zero-day RCE vulnerability since late January, targeting multiple organizations, including DaVita, Kettering Health, and Texas Tech University. The attackers have also used a new AI-assisted malware strain called Slopoly in their operations.
According to Amazon researchers, the Interlock group began exploiting the CVE-2026-20131 flaw 36 days before disclosure, starting on January 26, 2026. This gave the attackers time to compromise targets before detection. The activity was uncovered via honeypots and shared with Cisco to aid in the investigation and protect customers.
CISA has ordered federal agencies to fix the vulnerability by March 22, 2026, highlighting the urgent need for organizations to take immediate action to patch this vulnerability.
Experts also recommend that private organizations review the Known Exploited Vulnerabilities catalog and address the listed vulnerabilities in their infrastructure. This is particularly important here because the flaw carries a CVSS score of 10.0, the maximum and a critical severity rating.
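CISA publishes the Known Exploited Vulnerabilities catalog as a JSON feed, so the review recommended above can be scripted: match catalog entries against what you run and rank them by remediation deadline. This is an added example, not code from the article or from CISA; the embedded feed is a constructed sample in the feed's shape, where only the Cisco entry's CVE and due date come from the article and the other values are placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# CVE-2026-20131 and its 2026-03-22 due date come from the article; the dateAdded and
# requiredAction strings and the two other entries are placeholders, not catalog data.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-20131", "vendorProject": "Cisco",
     "product": "Secure Firewall Management Center (FMC) Software",
     "dateAdded": "2026-03-19", "dueDate": "2026-03-22",
     "requiredAction": "Apply mitigations per vendor instructions (placeholder).",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
     "dateAdded": "2026-01-10", "dueDate": "2026-01-31", "requiredAction": "Apply updates.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00002", "vendorProject": "OtherVendor", "product": "OtherApp",
     "dateAdded": "2026-03-10", "dueDate": "2026-03-31", "requiredAction": "Apply updates.",
     "knownRansomwareCampaignUse": "Unknown"},
]})

def triage_kev(feed_json: str, inventory, today_iso: str):
    """Match KEV entries against your inventory and rank them by remediation deadline.

    inventory: iterable of (vendor, product_substring) pairs, matched case-insensitively.
    Returns dicts sorted so overdue items come first, then the nearest due dates.
    """
    today = date.fromisoformat(today_iso)
    hits = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        vendor, product = entry["vendorProject"], entry["product"]
        if not any(v.lower() == vendor.lower() and p.lower() in product.lower()
                   for v, p in inventory):
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cve": entry["cveID"],
            "product": product,
            "due": entry["dueDate"],
            "days_left": (due - today).days,   # negative: the deadline has already passed
            "ransomware_use": entry.get("knownRansomwareCampaignUse") == "Known",
            "action": entry.get("requiredAction", ""),
        })
    return sorted(hits, key=lambda h: h["days_left"])

if __name__ == "__main__":
    inventory = [("Cisco", "Firewall Management Center"), ("ExampleVendor", "ExampleApp")]
    for h in triage_kev(SAMPLE_KEV, inventory, "2026-03-19"):
        print(f'{h["cve"]}: due {h["due"]} ({h["days_left"]:+d} days), ransomware={h["ransomware_use"]}')
```

Against the live feed, replace SAMPLE_KEV with the downloaded JSON and drive the inventory from your asset database rather than a hand-written list.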
The Interlock group's exploitation of this vulnerability highlights the ongoing threat landscape and the importance of staying informed about newly discovered vulnerabilities. Organizations must take proactive steps to patch this vulnerability as soon as possible to prevent potential attacks.
CISA has also recently added other disclosed vulnerabilities to the catalog, including flaws in Microsoft SharePoint and Zimbra, underscoring the agency's role in keeping organizations informed about newly exploited vulnerabilities and giving them the information they need to stay secure.
In short, the critical flaw in Cisco FMC and Cisco SCC Firewall Management is a significant security concern that requires immediate attention. With the Interlock group actively exploiting it, organizations should patch as soon as possible to prevent potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Critical-Flaw-in-Cisco-FMC-and-Cisco-SCC-Firewall-Management-A-Security-Nightmare-Unfolds-ehn.shtml
https://securityaffairs.com/189682/security/u-s-cisa-adds-a-flaw-in-cisco-fmc-and-cisco-scc-firewall-management-to-its-known-exploited-vulnerabilities-catalog.html
https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
https://nvd.nist.gov/vuln/detail/CVE-2026-20131
https://www.cvedetails.com/cve/CVE-2026-20131/
https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks
https://www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/
https://cybernews.com/security/cisa-advisory-interlock-ransomware-gang-targets-north-america-europe/
https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
Published: Thu Mar 19 13:40:21 2026 by llama3.2 3B Q4_K_M