Threat Advisories

Critical Cisco Secure FMC Vulnerabilities Enabling Remote Root Access

Written by Integrity360 | Mar 5, 2026 2:43:25 PM

Cisco has released emergency patches for two maximumseverity (CVSS 10.0) vulnerabilities affecting Cisco Secure Firewall Management Center (FMC). These flaws tracked as CVE202620079 and CVE202620131, allow unauthenticated, remote attackers to obtain rootlevel control over FMC appliances, posing a severe risk to enterprise firewall infrastructure. No exploitation in the wild has been observed yet, but the critical nature and ease of exploitation elevate these vulnerabilities to immediate remediation priority.

Affected Products –

  • Cisco Secure Firewall Management Center (FMC) – Onpremises versions affected by both CVEs.
  • Cisco Security Cloud Control (SCC) – Also affected by CVE202620131 (RCE flaw).

Vulnerability Details –

CVE202620079 – Authentication Bypass (CVSS 10.0)

  • Type: Authentication bypass leading to remote root access.
  • Cause: Improper system process created during system boot.
  • Attack Vector: Crafted HTTP requests sent to FMC’s web interface.
  • Impact: Execution of arbitrary scripts/commands as root.
  • Scope: Allows compromise not only of FMC but also managed devices (changed scope).

CVE202620131 – Remote Code Execution via Insecure Deserialization (CVSS 10.0)

  • Type: Unauthenticated remote code execution.
  • Cause: Insecure deserialization of user-supplied Java byte stream.
  • Attack Vector: Crafted serialized Java objects sent to FMC web interface.
  • Impact: Arbitrary Java code execution and root privilege escalation.
  • Affected Platforms: FMC onprem and SCC cloud management.

Impact -

  • Critical, due to:
    • Full rootlevel compromise of FMC.
    • Ability to alter firewall rules, deploy malware, disable logs.
    • Potential lateral movement into broader network infrastructure.
  • FMC instances exposed to the internet face significantly increased risk.

Exposure Considerations

  •  FMC instances exposed to the internet face significantly increased risk.  

Mitigation and Recommendations

Integrity360 recommends that organisation apply the Cisco Security Updates immediately as there are no work arounds available for this vulnerability.

Cisco has also patched dozens of other security vulnerabilities, including 15 high-severity security flaws in Secure FMC, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense software.

 If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

 

 
View full post