Cisco Patches Secure Firewall Management Center Software Vulnerabilities (CVE-2026-20079 & CVE-2026-20131)

Cisco released security updates to address two critical-severity vulnerabilities impacting the Secure Firewall Management Center Software. Successful exploitation of the vulnerabilities may lead to code execution.

Cisco Firewall Management Center analyzes network vulnerabilities, prioritizes attacks, and recommends protections to support security teams. FMC provides unified firewall management, application control, intrusion prevention, URL filtering, and malware defense. It also offers real-time visibility across networks to manage applications and malware outbreaks.

CVE-2026-20079: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

The vulnerability exists in the web interface of Cisco Secure Firewall Management Center Software. It is due to an improperly configured system process created at boot time.

An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device, thereby obtaining root access to the underlying operating system.

CVE-2026-20131: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

The vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center Software. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream.

An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. Upon successful exploitation, an unauthenticated, remote attacker could execute arbitrary Java code as root on an affected device.

Cisco updated the advisory, citing attempts to exploit this vulnerability in March 2026.

CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before March 22, 2026.

Qualys Threat Intelligence assigned a Qualys Vulnerability Score (QVS) of 100 to CVE-2026-20131. Qualys Vulnerability Score (QVS) is a Qualys-assigned score for a vulnerability based on multiple factors associated with the CVE, such as CVSS scores and external threat indicators like active exploitation, exploit code maturity, CISA known exploits, and more.

Affected Versions

The vulnerability affects the following Cisco Firepower Management Center (FMC) versions:

  • 6.4.0.13 before 7.0.9
  • 7.0.0 before 7.0.9
  • 7.1.0 before 7.2.11
  • 7.3.0 before 7.4.6
  • 7.6.0 before 7.6.5
  • 7.7.0 before 7.7.12
  • 10.0.0 before 10.0.1
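
To triage an inventory against the ranges above, the following added example (not code from Cisco or Qualys) compares FMC version strings to each listed range. It assumes each entry means "from the first version, inclusive, up to but not including the second", and that a build suffix such as "-208" can be ignored; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Affected ranges exactly as listed on this page: (first affected, first fixed).
AFFECTED_RANGES = [
    ("6.4.0.13", "7.0.9"),
    ("7.0.0", "7.0.9"),
    ("7.1.0", "7.2.11"),
    ("7.3.0", "7.4.6"),
    ("7.6.0", "7.6.5"),
    ("7.7.0", "7.7.12"),
    ("10.0.0", "10.0.1"),
]

def parse_version(text):
    """Turn '7.4.2.1' or '7.4.2-172' into a comparable 4-part tuple."""
    match = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad so that 7.0.9 and 7.0.9.0 compare equal.
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Return (status, fixed_release) for one FMC software version."""
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        if parse_version(start) <= v < parse_version(fixed):
            return ("affected", fixed)
    # Outside every listed range: the page makes no statement, so do not
    # report such a host as safe without checking the Cisco advisories.
    return ("not listed", None)

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "fmc-dc1": "7.4.2.1",
    "fmc-dc2": "7.0.9",
    "fmc-lab": "7.2.5-208",
    "fmc-old": "6.2.3",
    "fmc-new": "10.0.0",
}

def report(inventory):
    """Map each host to its triage result, affected hosts first."""
    results = {host: triage(ver) for host, ver in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: kv[1][0] != "affected"))

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        print(host, status, f"(fixed in {fixed})" if fixed else "")
```

A "not listed" result means only that the version falls outside the ranges on this page, so those hosts still need checking against the Cisco advisories.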

Mitigation

Cisco has released software updates to address the vulnerability.

Customers can refer to the Cisco Security Advisories cisco-sa-onprem-fmc-authbypass-5JPp45V2 and cisco-sa-fmc-rce-NKhnULJh for information about the vulnerability.

Qualys Detection

Qualys customers can scan their devices with QIDs 317769 and 317770 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh

Author: Diksha Ojha

Senior Technical Writer
