
"CVE-2026-20131 impacts the web-based management interface of FMC software and it can be exploited by a remote, unauthenticated attacker to execute arbitrary Java code with root privileges. Cisco noted at the time of disclosure that not exposing the FMC management interface to the internet reduces the vulnerability's attack surface."
"An investigation by Amazon researchers found evidence that the Interlock cybercrime group, known for several high-profile ransomware attacks, had exploited the vulnerability as a zero-day since at least January 26."
"Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment. Education represents the largest share of their activity, followed by engineering, architecture, and construction firms, manufacturing and industrial organizations, healthcare providers, and government and public sector entities."
CVE-2026-20131 affects Cisco Secure Firewall Management Center (FMC) software and allows a remote, unauthenticated attacker to execute arbitrary Java code with root privileges through the web-based management interface. The vulnerability was patched on March 4 alongside dozens of other Cisco vulnerabilities. Amazon's threat intelligence team discovered that the Interlock cybercrime group had been exploiting it as a zero-day since at least late January. Researchers gained access to a misconfigured Interlock infrastructure server, which revealed the group's attack chain, custom remote access trojans, reconnaissance scripts, and evasion techniques. Interlock primarily targets the education, engineering, construction, manufacturing, healthcare, and government sectors, where operational disruption maximizes pressure to pay.
#cisco-vulnerability #zero-day-exploitation #ransomware #interlock-cybercrime-group #firewall-security
Read at SecurityWeek