Cisco Secure Firewall Management Center Vulnerability

Cisco has released security updates for two critical (CVSS 10.0) vulnerabilities affecting Cisco Secure Firewall Management Center (FMC).  These issues impact the web-based management interface and could allow an unauthenticated remote attacker to execute code and gain root-level access to an affected FMC system.

What You Need to Know

• Cisco disclosed two critical vulnerabilities in Cisco Secure FMC that are remotely exploitable through the FMC management interface.
  • CVE-2026-20079 – An attacker can send crafted HTTP requests to bypass authentication and then execute scripts/commands that can result in root access.
  • CVE-2026-20131 – An attacker can exploit insecure deserialization (crafted serialized Java objects) to achieve remote code execution and escalate to root.
• Cisco has released software updates to address these issues and has stated there are no workarounds that fully mitigate them—upgrading is the remediation.  All Cisco Secure FMC Software is impacted, regardless of configuration.
• Cisco has also stated that it is not aware of any public announcements or malicious use of these vulnerabilities.

What we are doing now (Managed Services Customers)

• We are reviewing our managed customer environments for affected FMC versions and exposure paths.
• We will work with you to schedule remediation (upgrade/patching) during an agreed maintenance window to minimize impact.
• We will coordinate validation steps after remediation (service checks, management access verification, and basic health review).

Recommended Actions (All Non- Managed Services Customers)

Even if you have not observed issues, we recommend the following steps as soon as possible:

• Apply Cisco’s fixed software updates for FMC (upgrade to the remediated release for your current software train).
• Ensure the FMC management interface is not exposed to the public internet and is restricted to trusted administrative networks (VPN/jump host/allowlisted IPs).
• Review logs and alerts for unusual activity, including unexpected admin logins, new users, configuration changes, or suspicious outbound connections from FMC.
• Confirm your internal teams (IT/SecOps/help desk) are aware so related tickets can be triaged appropriately.

Reference Information

• Cisco Security Advisories:
  Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
  Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
• News Sources:
  Cisco Secure Firewall Management Vulnerability Allow Attackers to Bypass Authentication
  Cisco warns of max severity Secure FMC flaws giving root access

How to Get Help

• Managed Services Customers – Please contact your Customer Success Manager (CSM) directly to coordinate scheduling and remediation planning.
• Non-Managed Services Customers – Please reach out to prosvcs@aqueductech.com to discuss options for professional services support (upgrade planning, execution support, and post-upgrade validation).