Description
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.

This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
Published: 2026-03-04
Score: 10 Critical
EPSS: 11.1% Moderate
KEV: No
Impact: Authentication bypass that allows remote attacker to gain root access to the underlying operating system
Action: Urgent Patch
AI Analysis

Impact

A flaw in the web interface of Cisco Secure Firewall Management Center creates an improper system process at boot time, enabling an attacker to send crafted HTTP requests that bypass authentication and execute scripts with root privileges. This vulnerability falls under improper authorization, permitting an unauthenticated user to gain full control over the firewall device.

Affected Systems

The affected product is Cisco Secure Firewall Management Center (FMC) software. Specific affected versions are not disclosed in the advisory and should be verified against Cisco’s Security Advisory for the latest revision.

Risk and Exploitability

With a CVSS score of 10 and an EPSS score of 11%, the vulnerability poses a high risk of exploitation in environments where the FMC web interface is exposed to untrusted networks. It is not yet listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be remote via HTTP requests to the FMC management interface, requiring unauthenticated access and no additional privileges.

Generated by OpenCVE AI on April 16, 2026 at 13:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest FMC patch or upgrade to the newest release that addresses the authentication bypass flaw.
  • Restrict external access to the FMC web interface to trusted IP ranges, enforce HTTPS, and disable unused management ports.
  • Monitor and alert on unexpected HTTP requests or authentication failures to detect abuse early.

Generated by OpenCVE AI on April 16, 2026 at 13:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Authentication Bypass in Cisco Secure Firewall Management Center Leading to Root Access

Thu, 05 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco secure Firewall Management Center
Vendors & Products Cisco
Cisco secure Firewall Management Center

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Cisco Secure Firewall Management Center
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-05T14:06:33.865Z

Reserved: 2025-10-08T11:59:15.363Z

Link: CVE-2026-20079

cve-icon Vulnrichment

Updated: 2026-03-05T14:06:30.378Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-04T18:16:24.230

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20079

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses