Cisco has released security updates addressing two maximum-severity vulnerabilities affecting Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC) firewall management platforms. The flaws could allow unauthenticated attackers to gain full root access to affected systems, posing a serious risk to organizations using Cisco firewall management infrastructure.
Vulnerability Overview
The vulnerabilities impact Cisco Secure Firewall Management Center (FMC), a centralized management platform used to configure and manage Cisco firewalls, intrusion prevention policies, URL filtering, and advanced malware protection capabilities.
The affected vulnerabilities include:
CVE-2026-20079: Authentication Bypass (CVSS 10.0)
This flaw allows remote attackers to bypass authentication by sending specially crafted HTTP requests to the FMC web interface. Successful exploitation could allow attackers to execute commands and scripts directly on the underlying operating system with root privileges.
CVE-2026-20131: Remote Code Execution (CVSS 10.0)
This vulnerability allows attackers to send a malicious serialized Java object to the web management interface, resulting in arbitrary code execution as root on the affected system.
The RCE vulnerability also affects Cisco Security Cloud Control (SCC) Firewall Management, a cloud-based platform used to centrally manage security policies across Cisco firewall deployments.
Exploitation Status
At the time of writing, Cisco’s Product Security Incident Response Team (PSIRT) reports no evidence of active exploitation and no publicly available proof-of-concept exploit code.
However, vulnerabilities with the following characteristics often attract rapid attacker interest. Historically, critical vulnerabilities affecting Cisco network infrastructure have been quickly weaponized once technical details become available.
Organizations should therefore treat these vulnerabilities as high-priority patching events.
Affected Systems
The vulnerabilities affect:
- Cisco Secure Firewall Management Center (FMC) Software
- Cisco Security Cloud Control (SCC) Firewall Management
Organizations running Cisco firewall infrastructure should review the associated Cisco advisories and verify patch status across these platforms.
Recommended Mitigations
Organizations using affected Cisco products should take the following actions immediately:
Apply Cisco security updates, by upgrading Secure FMC and related products to patched versions provided by Cisco.
Restrict management interface exposure to ensure FMC management interfaces are not directly exposed to the internet.
Implement network segmentation to restrict administrative access to trusted management networks only.
Monitor for suspicious activity
- Review logs for abnormal access attempts to FMC web interfaces.
- Monitor for unexpected configuration changes or new administrative accounts.
Enable strong access controls, such as enforcing MFA and strict access policies for administrative access to firewall management systems.
Stay Safe. Stay Secure
OP Innovate Research Team
