Cisco Fixes Maximum-Severity Secure FMC Bugs Threatening Firewall Security

The cybersecurity landscape has witnessed numerous high-severity vulnerabilities in recent times, highlighting the need for robust security measures to protect network infrastructure. In a bid to strengthen its firewall security, Cisco has patched two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC), which could allow attackers to gain root access to managed firewalls. These patches bring relief to organizations that rely on Cisco's FMC for centralized management and control of their firewalls.

The first vulnerability, tracked as CVE-2026-20079, is an authentication bypass issue with a CVSS score of 10.0. This flaw resides in Cisco Secure FMC's web interface, allowing unauthenticated remote attackers to bypass authentication and send crafted HTTP requests to execute scripts, potentially gaining root access to the underlying operating system. According to Cisco's advisory, "A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system." This vulnerability is due to an improper system process created at boot time, which can be exploited by sending crafted HTTP requests.

To further exacerbate the situation, the second vulnerability, tracked as CVE-2026-20131, poses a remote code execution issue with a CVSS score of 10.0. The flaw resides in Cisco Secure FMC's web interface and allows unauthenticated remote attackers to exploit insecure Java deserialization, executing arbitrary code as root by sending a crafted serialized object. As stated in the advisory, "A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device." This vulnerability is due to insecure deserialization of user-supplied Java byte streams.

Both vulnerabilities have significant implications for organizations that rely on Cisco's FMC, as they provide a critical entry point for attackers. However, it's worth noting that both vulnerabilities do not appear to be publicly disclosed or actively exploited at the time of writing. Nevertheless, there are no workarounds provided by Cisco to address these flaws, making patching essential to mitigate the risk.

In conclusion, the recent patches from Cisco highlight the importance of keeping software up-to-date and ensuring the robustness of network security measures. The vulnerabilities highlighted in this article underscore the need for organizations to prioritize cybersecurity and maintain a proactive approach to identifying and addressing potential risks. By staying informed about the latest vulnerabilities and following best practices for secure software management, individuals can significantly reduce their exposure to attacks.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon for more updates on cybersecurity news and trends.