Cisco has released security updates to fix 2 critical vulnerabilities in its Secure Firewall Management Centre (FMC) that could allow attackers to gain root-level access to managed firewall systems.
Cisco Secure Firewall Management Centre (FMC) is a centralized platform used to manage multiple firewalls. It allows administrators to configure, monitor, and control firewalls through a web or SSH interface.
Through FMC, security teams manage functions such as intrusion prevention (IPS), application control, URL filtering, advanced malware protection, logging, reporting, and overall network security operations across their infrastructure.
Authentication bypass vulnerability
The first vulnerability is tracked as CVE-2026-20079 and has received a CVSS score of 10.0, the highest possible severity rating.
This flaw is an authentication bypass vulnerability located in the web interface of Cisco Secure FMC. It allows unauthenticated remote attackers to bypass the login process and send specially crafted HTTP requests to execute scripts.
If successfully exploited, attackers could gain root access to the underlying operating system.
“A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.” the advisory stated.
“This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.”
Remote code execution vulnerability
The second vulnerability, CVE-2026-20131, also carries a CVSS score of 10.0 and enables remote code execution.
The flaw exists in the web-based management interface of Cisco Secure FMC and allows attackers to exploit insecure Java deserialization.
By sending a specially crafted serialized Java object, an attacker could execute arbitrary code with root privileges.
“A vulnerability in the web-based management interface of Cisco Secure Firewall Management Centre (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.” the advisory stated.
“This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”
The vulnerability CVE-2026-20131 also impacts Cisco Security Cloud Control (SCC) Firewall Management.
Cisco’s Product Security Incident Response Team (PSIRT) said it is not aware of any public disclosure or active exploitation of the vulnerabilities so far.
However, the company confirmed that no workarounds are available, making security updates the only way to address the flaws.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
