Critical Cisco Secure Firewall Management Center Vulnerabilities Addressed
Summary
Cisco has released security updates for critical vulnerabilities (CVSS 10.0) in its Secure Firewall Management Center software. Users of affected on-premises versions are advised to update immediately to prevent root access and arbitrary code execution.
What changed
Cisco has issued an urgent security advisory detailing two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131) in its Secure Firewall Management Center (FMC) software, both with a CVSS v3.1 score of 10.0. CVE-2026-20079 allows for authentication bypass and root access, while CVE-2026-20131 enables remote code execution with root privileges. These vulnerabilities affect all on-premises FMC software releases and Cisco Security Cloud Control (SCC) Firewall Management.
Administrators of affected on-premises Cisco Secure FMC versions must immediately update to the latest version, as no workarounds are available. Successful exploitation could lead to complete system compromise. While Cisco SCC has been automatically upgraded, on-premises deployments require direct user action. Failure to update could expose critical network infrastructure to severe security breaches.
What to do next
- Update Cisco Secure Firewall Management Center (FMC) software to the latest version immediately.
- Verify that Cisco Security Cloud Control (SCC) Firewall Management has been automatically upgraded by Cisco.
- Review Cisco's security advisories for detailed technical information on the vulnerabilities and affected versions.
Source document (simplified)
Alerts
Critical Vulnerabilities in Cisco Secure Firewall Management Center
6 March 2026
Cisco has released security updates to address multiple maximum-severity vulnerabilities in its Secure Firewall Management Center software. Users and administrators of affected product versions are advised to update to the latest version immediately.
Background
Cisco has released security updates to address two critical vulnerabilities affecting its Secure Firewall Management Center (FMC). Both vulnerabilities have been assigned a Common Vulnerability Scoring System (CVSS v3.1) score of 10.0 out of 10.
CVE-2026-20079: An authentication bypass vulnerability in the web-based management interface that can be exploited by sending crafted HTTP requests to the affected device. This flaw is due to an improper system process created at boot time.
CVE-2026-20131: A remote code execution (RCE) vulnerability caused by insecure deserialisation of user-supplied Java byte streams in the web-based management interface.
Impact
Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to perform the following:
Root Access (CVE-2026-20079): Bypass authentication and execute script files to obtain root-level access to the underlying operating system.
Arbitrary Code Execution (CVE-2026-20131): Execute arbitrary code with root privileges on the affected device by sending a crafted serialised Java object.
Affected Products
The vulnerabilities affect Cisco Secure Firewall Management Center (FMC) Software.
CVE-2026-20079: Affects all on-premises Secure FMC software releases.
CVE-2026-20131: Affects on-premises Secure FMC software and Cisco Security Cloud Control (SCC) Firewall Management.
Note: Cisco SCC is a SaaS-delivered offering and has been automatically upgraded by Cisco; no user action is required for the cloud-delivered component.
Recommendations
Users and administrators of affected product versions are advised to update to the latest version immediately. Cisco has indicated that there are no workarounds available for these vulnerabilities.
References
https://nvd.nist.gov/vuln/detail/CVE-2026-20079
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Vulnerability Alerts alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CSA Alerts & Advisories (Singapore) publishes new changes.