Latest Cisco Secure FMC vulnerabilities: CVE-2026-20079 and CVE-2026-20131 #
Cisco disclosed in two advisories that certain versions of Cisco Secure Firewall Management Center (FMC) are affected by the following vulnerabilities:
- The Cisco FMC web interface contains an authentication bypass vulnerability stemming from an improper system process created at boot time. A remote, unauthenticated adversary could exploit this by sending crafted HTTP requests, allowing them to bypass authentication and execute script files or commands to obtain root access to the underlying operating system. The vulnerability has been designated CVE-2026-20079 and has been rated critical with a CVSS score of 10.0.
- The Cisco FMC web-based management interface contains a remote code execution (RCE) vulnerability due to insecure deserialization of a user-supplied Java byte stream. A remote, unauthenticated adversary could exploit this by sending a crafted serialized Java object to the interface, allowing them to execute arbitrary code and elevate privileges to root. Note: Deployments where the management interface lacks public Internet access significantly reduce the associated attack surface. The vulnerability has been designated CVE-2026-20131 and has been rated critical with a CVSS score of 10.0.
There is evidence that CVE-2026-20131 is being actively exploited in the wild.
The following versions of Cisco FMC are affected by one or both vulnerabilities
- Cisco FMC versions prior to 7.0.9
- Cisco FMC versions prior to 7.2.11
- Cisco FMC versions prior to 7.4.4 (CVE-2026-20079) and prior to 7.4.6 (CVE-2026-20131)
- Cisco FMC versions prior to 7.6.4 (CVE-2026-20079) and prior to 7.6.5 (CVE-2026-20131)
- Cisco FMC versions prior to 7.7.12
- Cisco FMC versions prior to 10.0.1 (CVE-2026-20131 only)
What is Cisco Secure Firewall Management Center? #
Cisco Secure Firewall Management Center (FMC) is a centralized administrative platform used to configure security policies, manage firmware updates, and aggregate threat telemetry across physical and virtual Cisco security appliances from a single interface.
What is the impact? #
Successful exploitation of these vulnerabilities would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- Cisco FMC 6.4.0.13 through 6.4.0.18 upgrade to version 7.0.9 and later
- Cisco FMC 7.0.x upgrade to version 7.0.9 and later
- Cisco FMC 7.1.x through 7.2.x upgrade to version 7.2.11 and later
- Cisco FMC 7.3.x through 7.4.x upgrade to version 7.4.6 and later
- Cisco FMC 7.6.x upgrade to version 7.6.5 and later
- Cisco FMC 7.7.x upgrade to version 7.7.12 and later
- Cisco FMC 10.0.0 upgrade to version 10.0.1 and later
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
os:="Cisco FMC%" AND os_version:>0 AND
((os_version:>="6.4.0.13" AND os_version:<="6.4.0.18") OR
(os_version:>="7.0.0" AND os_version:<"7.0.9") OR
(os_version:>="7.1.0" AND os_version:<"7.2.11") OR
(os_version:>="7.3.0" AND os_version:<"7.4.6") OR
(os_version:>="7.6.0" AND os_version:<"7.6.5") OR
(os_version:>="7.7.0" AND os_version:<"7.7.12") OR
(os_version:="10.0.0"))
