{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20044", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.354Z", "datePublished": "2026-03-04T17:17:41.169Z", "dateUpdated": "2026-03-04T17:46:50.148Z"}, "containers": {"cna": {"title": "Cisco Secure Firewall Management Center Command Injection Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root.\r\n\r\nThis vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inject-S9ZM4EJf", "name": "cisco-sa-fmc-cmd-inject-S9ZM4EJf"}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-fmc-cmd-inject-S9ZM4EJf", "discovery": "INTERNAL", "defects": ["CSCwq23375"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Privilege Management", "type": "cwe", "cweId": "CWE-269"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Firewall Management Center (FMC)", "versions": [{"version": "6.4.0.6", "status": "affected"}, {"version": "6.4.0.7", "status": "affected"}, {"version": "6.4.0.4", "status": "affected"}, {"version": "6.4.0.1", "status": "affected"}, {"version": "6.4.0.8", "status": "affected"}, {"version": "6.4.0.2", "status": "affected"}, {"version": "6.4.0.3", "status": "affected"}, {"version": "6.4.0.5", "status": "affected"}, {"version": "6.4.0", "status": "affected"}, {"version": "6.4.0.9", "status": "affected"}, {"version": "6.4.0.10", "status": "affected"}, {"version": "6.4.0.11", "status": "affected"}, {"version": "6.4.0.12", "status": "affected"}, {"version": "7.0.0", "status": "affected"}, {"version": "7.0.0.1", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.1.0", "status": "affected"}, {"version": "6.4.0.13", "status": "affected"}, {"version": "7.0.1.1", "status": "affected"}, {"version": "6.4.0.14", "status": "affected"}, {"version": "7.1.0.1", "status": "affected"}, {"version": "7.0.2", "status": "affected"}, {"version": "6.4.0.15", "status": "affected"}, {"version": "7.2.0", "status": "affected"}, {"version": "7.0.2.1", "status": "affected"}, {"version": "7.0.3", "status": "affected"}, {"version": "7.1.0.2", "status": "affected"}, {"version": "7.2.0.1", "status": "affected"}, {"version": "7.0.4", "status": "affected"}, {"version": "7.2.1", "status": "affected"}, {"version": "7.0.5", "status": "affected"}, {"version": "6.4.0.16", "status": "affected"}, {"version": "7.3.0", "status": "affected"}, {"version": "7.2.2", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.1.0.3", "status": "affected"}, {"version": "7.2.3.1", "status": "affected"}, {"version": "7.2.4", "status": "affected"}, {"version": "7.0.6", "status": "affected"}, {"version": "7.2.4.1", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "7.3.1.1", "status": "affected"}, {"version": "7.4.0", "status": "affected"}, {"version": "6.4.0.17", "status": "affected"}, {"version": "7.0.6.1", "status": "affected"}, {"version": "7.2.5.1", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.2.6", "status": "affected"}, {"version": "7.4.1.1", "status": "affected"}, {"version": "7.0.6.2", "status": "affected"}, {"version": "6.4.0.18", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.2.5.2", "status": "affected"}, {"version": "7.3.1.2", "status": "affected"}, {"version": "7.2.8", "status": "affected"}, {"version": "7.6.0", "status": "affected"}, {"version": "7.4.2", "status": "affected"}, {"version": "7.2.8.1", "status": "affected"}, {"version": "7.0.6.3", "status": "affected"}, {"version": "7.4.2.1", "status": "affected"}, {"version": "7.2.9", "status": "affected"}, {"version": "7.0.7", "status": "affected"}, {"version": "7.7.0", "status": "affected"}, {"version": "7.4.2.2", "status": "affected"}, {"version": "7.2.10", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.4.2.3", "status": "affected"}, {"version": "7.0.8", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.7.10", "status": "affected"}, {"version": "7.2.10.1", "status": "affected"}, {"version": "7.0.8.1", "status": "affected"}, {"version": "7.6.2.1", "status": "affected"}, {"version": "7.2.10.2", "status": "affected"}, {"version": "7.7.10.1", "status": "affected"}, {"version": "7.4.2.4", "status": "affected"}, {"version": "7.4.3", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:46:50.148Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root.\r\n\r\nThis vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials."}], "id": "CVE-2026-20044", "lastModified": "2026-03-04T18:16:17.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-04T18:16:17.580", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inject-S9ZM4EJf"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{}