Cisco Patches Secure Firewall Management Center Software Vulnerabilities (CVE-2026-20079 & CVE-2026-20131)
Cisco released security updates to address two critical-severity vulnerabilities impacting the Secure Firewall Management Center Software. Successful exploitation of the vulnerabilities may lead to code execution.
Cisco Firewall Management Center analyzes network vulnerabilities, prioritizes attacks, and recommends protections to support security teams. FMC provides unified firewall management, application control, intrusion prevention, URL filtering, and malware defense. It also offers real-time visibility across networks to manage applications and malware outbreaks.
CVE-2026-20131: Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
The vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center Software. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream.
An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. Upon successful exploitation, an unauthenticated, remote attacker could execute arbitrary Java code as root on an affected device.
CVE-2026-20079: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
The vulnerability exists in the web interface of Cisco Secure Firewall Management Center Software. This vulnerability is due to an improperly configured system process created at boot time.
An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device, thereby obtaining root access to the underlying operating system.
Affected Versions
The vulnerabilities affect the following Cisco Firepower Management (FMC) versions:
- 6.4.0.13 before 7.0.9
- 7.0.0 before 7.0.9
- 7.1.0 before 7.2.11
- 7.3.0 before 7.4.6
- 7.6.0 before 7.6.5
- 7.7.0 before 7.7.12
- 10.0.0 before 10.0.1
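To triage an inventory against the ranges listed above, the following added example (not from Cisco or Qualys) compares FMC version strings numerically, since a plain string comparison would rank 7.7.2 after 7.7.12. It assumes each range starts inclusively and that the "before" release is the first fixed one; the hostnames, the sample versions and the handling of a trailing "-build" suffix are constructed for illustration.

```python
import re

# Ranges copied from the "Affected Versions" list: (first affected, first fixed).
# Assumption: the start is inclusive and the "before" release is the first fixed one.
AFFECTED_RANGES = [
    ("6.4.0.13", "7.0.9"),
    ("7.0.0", "7.0.9"),
    ("7.1.0", "7.2.11"),
    ("7.3.0", "7.4.6"),
    ("7.6.0", "7.6.5"),
    ("7.7.0", "7.7.12"),
    ("10.0.0", "10.0.1"),
]

def parse_version(text, width=4):
    """Turn '7.2.5.1' or '7.4.2-172' into a zero-padded tuple of ints."""
    core = text.strip().split("-", 1)[0]  # drop a trailing build number (assumed format)
    if not re.fullmatch(r"\d+(\.\d+){1,3}", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def fixed_release_for(version):
    """Return the first fixed release for an affected version, else None."""
    v = parse_version(version)
    hits = [fixed for start, fixed in AFFECTED_RANGES
            if parse_version(start) <= v < parse_version(fixed)]
    # The 6.4.0.13 and 7.0.0 ranges overlap; take the highest fixed release.
    return max(hits, key=parse_version) if hits else None

def triage(inventory):
    """Map hostname -> (version, fixed release, None, or 'unparsed')."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = (version, fixed_release_for(version))
        except ValueError:
            report[host] = (version, "unparsed")  # needs a manual look
    return report

if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    sample = {"fmc-dc1": "7.2.5.1", "fmc-dc2": "7.4.6", "fmc-lab": "7.6.4-12",
              "fmc-old": "6.4.0.12", "fmc-x": "unknown"}
    for host, (ver, fix) in triage(sample).items():
        print(f"{host:8} {ver:10} {'not in listed ranges' if fix is None else fix}")
```

A result of `None` only means the version falls outside the ranges listed on this page; releases not mentioned here should be checked against the Cisco advisories.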
Mitigation
Cisco has released software updates to address the vulnerabilities.
Customers can refer to the Cisco Security Advisories cisco-sa-onprem-fmc-authbypass-5JPp45V2 and cisco-sa-fmc-rce-NKhnULJh for information about the vulnerabilities.
Qualys Detection
Qualys customers can scan their devices with QIDs 317769 and 317770 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh