CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2026-20131

CVSS 10.0v3.1pub. 2026-03-04upd. 2026-03-25

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

🤖 AI Analysis
How it works

The vulnerability results from unsafe deserialization of a Java byte stream supplied by the user (CWE-502). The attacker sends a crafted, serialized Java object to the management web interface of the vulnerable device. The lack of authentication required to perform the attack and the absence of network restrictions (if the interface is accessible from the internet) make exploitation exceptionally simple. Successful exploitation of the vulnerability leads to arbitrary code execution and privilege escalation to root level.

Impact

Attackers gain full control of the device with root privileges, enabling execution of arbitrary commands, theft of configuration data, modification of firewall security policies, and potential lateral movement in the victim's network.

Mitigation & patch

Patches available from the vendor must be applied immediately in accordance with the official Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh). As an interim measure to reduce attack surface, ensure that the FMC management interface is not accessible from the public internet — according to the vendor's recommendation, this limits exploitation risk.

Who is affected

Cisco Secure Firewall Management Center (FMC) Software — specific versions indicated in vendor references (Cisco Security Advisory cisco-sa-fmc-rce-NKhnULJh)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Secure Firewall Management Center

    APP
    Cisco
    10.0.06.4.0.136.4.0.146.4.0.156.4.0.166.4.0.176.4.0.187.0.07.0.0.17.0.17.0.1.17.0.27.0.2.17.0.37.0.4+ 56 więcej

CISA KEV — detailsi

Vendori
Cisco
Producti
Secure Firewall Management Center (FMC)
Added to KEVi
March 19, 2026
Remediation deadline (US Federal)i
March 22, 2026(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 22 marca 2026
Tags
RCEDeserializationFirewall
CWE
References

Related vulnerabilities

CVE-2025-20265CRITICAL10.0PL ✓ten sam produkt

RCE przez RADIUS w Cisco Secure Firewall Management Center

CVE-2024-20424CRITICAL9.9PL ✓ten sam produkt

Command injection w Cisco Secure Firewall Management Center — RCE jako root

CVE-2023-20048CRITICAL9.9ten sam produkt

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow ...

CVE-2019-16028CRITICAL9.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow a...

CVE-2020-3318CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent So...