"This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device."
"A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. The exploitation risk is lower for FMC management interfaces that are not accessible from the internet."
"Cisco released a March 2026 bundled publication containing 25 security advisories that describe the security defects affecting its enterprise networking products, including two advisories detailing critical-severity flaws affecting Firewall ASA, Secure FMC, and Secure FTD appliances."
Cisco announced 25 security advisories addressing 50 vulnerabilities across enterprise networking products. Two critical vulnerabilities affect Cisco Secure FMC's web interface. CVE-2026-20079 (CVSS 10/10) involves authentication bypass through improper system processes, allowing attackers to execute arbitrary scripts and gain root access via crafted HTTP requests. CVE-2026-20131 (CVSS 10/10) stems from insecure Java deserialization, enabling attackers to execute Java code with root privileges through crafted serialized objects. Additionally, nine high-severity vulnerabilities exist in ASA Firewall, Secure FMC, and Secure FTD appliances, potentially enabling SQL injection attacks, denial-of-service conditions, and unauthorized file access.
#cisco-security-vulnerabilities #critical-authentication-bypass #remote-code-execution #firewall-security-flaws #privilege-escalation
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]