CVE-2026-20002 - Vulnerability Details

- SQL Injection in Cisco Secure FMC Web Interface Allowing Database and OS File Access

Description

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials.

Published: 2026-03-04

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability occurs in the web‑based interface of Cisco Secure FMC Software and allows an authenticated remote attacker to inject arbitrary SQL statements due to insufficient input validation. Successful exploitation grants the attacker total access to the FMC database and the capability to read certain files on the underlying operating system, thereby compromising data confidentiality and potentially allowing further system manipulation.

Affected Systems

Cisco Secure Firewall Management Center (FMC) is affected; the specific product version is not listed in the advisory, but any installed instance of the SOC should be considered at risk.

Risk and Exploitability

The flaw carries a CVSS score of 8.1, indicating a severe risk. The EPSS score is less than 1%, suggesting a low current exploitation probability, and the vulnerability is not yet listed in CISA’s KEV catalog. The attack vector is remote and requires that the attacker possess valid user credentials to the FMC web interface, which typically means access to an administrative or privileged account. Once authenticated, the attacker can send crafted requests that execute arbitrary SQL commands, potentially yielding full database compromise and OS file reads.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Secure Firewall Management Center (FMC)

affected

Version	Status	Constraints
`6.4.0`	affected	—
`6.4.0.1`	affected	—
`6.4.0.3`	affected	—
`6.4.0.2`	affected	—
`6.4.0.4`	affected	—
`6.4.0.5`	affected	—
`6.4.0.6`	affected	—
`6.4.0.7`	affected	—
`6.4.0.8`	affected	—
`6.4.0.9`	affected	—
`6.4.0.10`	affected	—
`6.4.0.11`	affected	—
`6.4.0.12`	affected	—
`6.4.0.13`	affected	—
`6.4.0.14`	affected	—
`6.4.0.15`	affected	—
`6.4.0.16`	affected	—
`6.4.0.17`	affected	—
`6.4.0.18`	affected	—
`7.0.0`	affected	—
`7.0.0.1`	affected	—
`7.0.1`	affected	—
`7.0.1.1`	affected	—
`7.0.2`	affected	—
`7.0.2.1`	affected	—
`7.0.3`	affected	—
`7.0.4`	affected	—
`7.0.5`	affected	—
`7.0.6`	affected	—
`7.0.6.1`	affected	—
`7.0.6.2`	affected	—
`7.0.6.3`	affected	—
`7.0.7`	affected	—
`7.0.8`	affected	—
`7.0.8.1`	affected	—
`7.1.0`	affected	—
`7.1.0.1`	affected	—
`7.1.0.2`	affected	—
`7.1.0.3`	affected	—
`7.2.0`	affected	—
`7.2.1`	affected	—
`7.2.2`	affected	—
`7.2.0.1`	affected	—
`7.2.3`	affected	—
`7.2.3.1`	affected	—
`7.2.4`	affected	—
`7.2.4.1`	affected	—
`7.2.5`	affected	—
`7.2.5.1`	affected	—
`7.2.6`	affected	—
`7.2.7`	affected	—
`7.2.5.2`	affected	—
`7.2.8`	affected	—
`7.2.8.1`	affected	—
`7.2.9`	affected	—
`7.2.10`	affected	—
`7.2.10.2`	affected	—
`7.2.10.1`	affected	—
`7.3.0`	affected	—
`7.3.1`	affected	—
`7.3.1.1`	affected	—
`7.3.1.2`	affected	—
`7.4.0`	affected	—
`7.4.1`	affected	—
`7.4.1.1`	affected	—
`7.4.2`	affected	—
`7.4.2.1`	affected	—
`7.4.2.2`	affected	—
`7.4.2.3`	affected	—
`7.4.2.4`	affected	—
`7.4.3`	affected	—
`7.6.0`	affected	—
`7.6.1`	affected	—
`7.6.2`	affected	—
`7.6.2.1`	affected	—
`7.6.3`	affected	—
`7.7.0`	affected	—
`7.7.10`	affected	—
`7.7.10.1`	affected	—

No data.

Vendor Product Confidence Versions

Cisco

Secure Firewall Management Center

88%

Version	Status	Scheme	Platform
`6.4.0`	affected	semver	—
`6.4.0.1`	affected	generic	—
`6.4.0.2`	affected	generic	—
`6.4.0.3`	affected	generic	—
`6.4.0.4`	affected	generic	—
`6.4.0.5`	affected	generic	—
`6.4.0.6`	affected	generic	—
`6.4.0.7`	affected	generic	—
`6.4.0.8`	affected	generic	—
`6.4.0.9`	affected	generic	—
`6.4.0.10`	affected	generic	—
`6.4.0.11`	affected	generic	—
`6.4.0.12`	affected	generic	—
`6.4.0.13`	affected	generic	—
`6.4.0.14`	affected	generic	—
`6.4.0.15`	affected	generic	—
`6.4.0.16`	affected	generic	—
`6.4.0.17`	affected	generic	—
`6.4.0.18`	affected	generic	—
`7.0.0`	affected	semver	—
`7.0.0.1`	affected	generic	—
`7.0.1`	affected	semver	—
`7.0.1.1`	affected	generic	—
`7.0.2`	affected	semver	—
`7.0.2.1`	affected	generic	—
`7.0.3`	affected	semver	—
`7.0.4`	affected	semver	—
`7.0.5`	affected	semver	—
`7.0.6`	affected	semver	—
`7.0.6.1`	affected	generic	—
`7.0.6.2`	affected	generic	—
`7.0.6.3`	affected	generic	—
`7.0.7`	affected	semver	—
`7.0.8`	affected	semver	—
`7.0.8.1`	affected	generic	—
`7.1.0`	affected	semver	—
`7.1.0.1`	affected	generic	—
`7.1.0.2`	affected	generic	—
`7.1.0.3`	affected	generic	—
`7.2.0`	affected	semver	—
`7.2.1`	affected	semver	—
`7.2.2`	affected	semver	—
`7.2.0.1`	affected	generic	—
`7.2.3`	affected	semver	—
`7.2.3.1`	affected	generic	—
`7.2.4`	affected	semver	—
`7.2.4.1`	affected	generic	—
`7.2.4.2`	affected	generic	—
`7.2.4.3`	affected	generic	—
`7.2.4.4`	affected	generic	—
`7.2.5`	affected	semver	—
`7.2.5.1`	affected	generic	—
`7.2.5.2`	affected	generic	—
`7.2.6`	affected	semver	—
`7.2.7`	affected	semver	—
`7.2.8`	affected	semver	—
`7.2.8.1`	affected	generic	—
`7.2.9`	affected	semver	—
`7.2.10`	affected	semver	—
`7.2.10.1`	affected	generic	—
`7.2.10.2`	affected	generic	—
`7.3.0`	affected	semver	—
`7.3.1`	affected	semver	—
`7.3.1.1`	affected	generic	—
`7.3.1.2`	affected	generic	—
`7.4.0`	affected	semver	—
`7.4.1`	affected	semver	—
`7.4.1.1`	affected	generic	—
`7.4.2`	affected	semver	—
`7.4.2.1`	affected	generic	—
`7.4.2.2`	affected	generic	—
`7.4.2.3`	affected	generic	—
`7.4.2.4`	affected	generic	—
`7.4.3`	affected	semver	—
`7.6.0`	affected	semver	—
`7.6.1`	affected	semver	—
`7.6.2`	affected	semver	—
`7.6.2.1`	affected	generic	—
`7.6.3`	affected	semver	—
`7.7.0`	affected	semver	—
`7.7.10`	affected	generic	—
`7.7.10.1`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the most recent vendor patch or upgrade that eliminates the SQL injection flaw.
Limit the FMC web console to trusted internal networks and enforce strict firewall rules to block unauthorized external access.
Activate multi‑factor authentication for all users with administrative or privileged FMC accounts.
Perform regular vulnerability scanning of the FMC management interface to detect any remaining or new weaknesses.

Generated by OpenCVE AI on April 16, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd

History

Thu, 16 Apr 2026 13:45:00 +0000

Type	Values Removed	Values Added
Title		SQL Injection in Cisco Secure FMC Web Interface Allowing Database and OS File Access

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco secure Firewall Management Center
Vendors & Products		Cisco Cisco secure Firewall Management Center

Wed, 04 Mar 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials.
Weaknesses		CWE-89
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Subscriptions

Cisco Secure Firewall Management Center

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-04T17:18:26.204Z

Updated: 2026-03-05T04:55:44.497Z

Reserved: 2025-10-08T11:59:15.348Z

Link: CVE-2026-20002

Vulnrichment

Updated: 2026-03-04T21:43:02.710Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T18:16:12.557

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20002

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses

CWE-89

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object