Full Report
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. [...]
Analysis Summary
# Vulnerability: Cisco Secure FMC Critical Authentication Bypass and RCE
## CVE Details
- **CVE ID:** CVE-2026-20079
- **CVSS Score:** 10.0 (Critical)
- **CWE:** Not specified (Authentication Bypass / Insecure Deserialization Class)
- **CVE ID:** CVE-2026-20131
- **CVSS Score:** 10.0 (Critical)
- **CWE:** Not specified (Remote Code Execution / Java Deserialization Class)
## Affected Systems
- **Products:**
  - Cisco Secure Firewall Management Center (FMC) Software
  - Cisco Security Cloud Control (SCC) Firewall Management (specifically affected by CVE-2026-20131)
- **Versions:** On-premises and cloud installations of Secure FMC. (Specific version numbers were not detailed in the article; refer to the vendor advisories for exact fixed build numbers.)
- **Configurations:** Web-based management interface enabled.
## Vulnerability Description
Cisco Secure FMC contains two critical flaws located in the web-based management interface:
1. **CVE-2026-20079 (Authentication Bypass):** This flaw allows an unauthenticated attacker to bypass authentication by sending crafted HTTP requests. This leads to complete root access to the device's underlying operating system.
2. **CVE-2026-20131 (Remote Code Execution):** This flaw stems from the improper handling of serialized Java objects sent to the management interface. An attacker can leverage this to execute arbitrary Java code and subsequently elevate privileges to root.
## Exploitation
- **Status:** No known exploitation in the wild; no public PoC available.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** Total (Root access to management platform)
- **Integrity:** Total (Ability to modify firewall policies and OS files)
- **Availability:** Total (Full control over device operation)
## Remediation
### Patches
Cisco has released security updates to address these vulnerabilities. Administrators are urged to update to the latest fixed releases of:
- Cisco Secure FMC Software
- Cisco Security Cloud Control (Management updates applied by Cisco)
### Workarounds
- There are no listed workarounds that completely mitigate these flaws.
- **Guidance:** Access to the FMC management interface should be restricted to trusted internal networks or via VPN only, rather than being exposed to the public internet.
## Detection
- **Indicators of Compromise:** Unusual HTTP requests to the FMC web interface or unexpected serialized Java traffic.
- **Detection Methods:** Monitor web server logs for unauthorized access originating from unexpected IP addresses. Audit for unauthorized creation of root-level processes or unexpected script executions.
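As an added illustration of the log-based detection described above (example code written for this page, not Cisco's or the advisory's), the script below flags access-log entries from outside a trusted allowlist and request lines carrying a Java serialization stream marker. The log format, trusted ranges, paths and sample lines are constructed assumptions, not values from the advisory.

```python
import ipaddress
import re

# Assumptions (not from the advisory): the FMC web server writes a combined-style
# access log and does not log request bodies, so the serialization check runs on
# the request line only; the trusted ranges below are constructed examples.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Java serialization stream header is AC ED 00 05; it shows up as hex "aced0005"
# or, when base64-encoded, as the prefix "rO0AB".
JAVA_SER_MARKERS = (re.compile(r"aced0005", re.I), re.compile(r"rO0AB"))

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

def is_trusted(ip: str) -> bool:
    """True if the source address falls inside one of the allowlisted ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)

def analyze_line(line: str):
    """Return a list of finding tags for one access-log line (empty if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    findings = []
    if not is_trusted(m["ip"]):
        findings.append("untrusted-source")
    if any(p.search(m["path"]) for p in JAVA_SER_MARKERS):
        findings.append("java-serialized-input")
    return findings

def analyze_log(lines):
    """Map the index of each suspicious line to its findings."""
    return {i: f for i, line in enumerate(lines) if (f := analyze_line(line))}

# Constructed sample log lines (not real FMC logs; paths are placeholders).
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Jan/2026:10:00:00 +0000] "GET /login.cgi HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "POST /login.cgi HTTP/1.1" 302 0',
    '10.1.2.3 - - [01/Jan/2026:10:00:09 +0000] "POST /api?obj=rO0ABXNyABFqYXZh HTTP/1.1" 200 64',
    '198.51.100.9 - - [01/Jan/2026:10:00:12 +0000] "POST /api?obj=aced00057372 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for idx, tags in analyze_log(SAMPLE_LOG).items():
        print(f"line {idx}: {', '.join(tags)}")
```

Tune the allowlist to the networks that legitimately reach the management interface, and treat any hit on the serialization marker from an untrusted source as a priority event for the incident-response queue.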
## References
- Cisco Security Advisory (CVE-2026-20079): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- Cisco Security Advisory (CVE-2026-20131): hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
- Cisco Vulnerability Listing: hxxps://sec[.]cloudapps[.]cisco[.]com/security/center/publicationListing[.]x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities