Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.
Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
Published: 2026-03-04
Score: 10 Critical
EPSS: < 1% Very Low
KEV: Yes
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An insecure deserialization flaw in the web-based management interface of Cisco Secure Firewall Management Center (FMC) allows an unauthenticated, remote attacker to send a crafted serialized Java object and execute arbitrary Java code with root privileges. The weakness is classified as CWE-502 (Deserialization of Untrusted Data). Successful exploitation can lead to full system compromise: control over the device, data exfiltration, and further lateral movement within the network.

Affected Systems

Affected systems include Cisco Secure Firewall Management Center (FMC) software across multiple releases, from version 6.4.0.13 through 7.7.11. The vulnerable components reside in the web‑based management interface of each affected FMC deployment.

Risk and Exploitability

The CVSS score of 10 indicates a critical impact. EPSS indicates a low probability (<1%) of exploitation in the general population, but the vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, suggesting that adversaries have leveraged it in the wild. Because the attack surface is minimized if the FMC interface lacks public internet exposure, the practical risk for internal‑only deployments is lower, yet any remote access path still represents a significant threat.

Generated by OpenCVE AI on April 16, 2026 at 05:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Secure Firewall Management Center patch that mitigates the insecure deserialization flaw, as detailed in Cisco’s advisory.
  • Restrict network exposure of the FMC web interface to authorized administrative networks and disable public internet access where possible.
  • Implement application‑level input validation for all user‑supplied data to prevent deserialization attacks and monitor for anomalous Java byte stream activity.
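
One way to monitor for Java byte streams reaching a management interface, as an added example (not OpenCVE's or Cisco's code): it matches the Java serialization stream header in raw, base64 and hex form within request bodies already captured by a proxy or WAF. The request paths, addresses and class name are constructed sample data and do not correspond to real FMC endpoints.

```python
import base64
import binascii

# Java Object Serialization Stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_MAGIC = b"\xac\xed\x00\x05"
B64_PREFIX = b"rO0AB"      # first five base64 characters of any encoded header
HEX_PREFIX = b"aced0005"
JAVA_CTYPE = "application/x-java-serialized-object"

def _b64_confirms(chunk: bytes) -> bool:
    """'rO0AB' fixes only 30 bits; decode 8 characters to verify the 4th byte is 0x05."""
    try:
        return base64.b64decode(chunk[:8], validate=True).startswith(JAVA_MAGIC)
    except (binascii.Error, ValueError):
        return False

def find_java_stream(body: bytes):
    """Return (encoding, offset) of the first serialized-Java header, or None."""
    off = body.find(JAVA_MAGIC)
    if off != -1:
        return ("raw", off)
    off = body.find(B64_PREFIX)
    while off != -1:
        if _b64_confirms(body[off:]):
            return ("base64", off)
        off = body.find(B64_PREFIX, off + 1)
    off = body.lower().find(HEX_PREFIX)
    return ("hex", off) if off != -1 else None

def scan(requests):
    """Return alerts for requests that carry, or declare, a Java byte stream."""
    alerts = []
    for r in requests:
        hit = find_java_stream(r["body"])
        if hit or r.get("ctype", "").lower().startswith(JAVA_CTYPE):
            alerts.append((r["src"], r["path"], hit[0] if hit else "content-type"))
    return alerts

# Constructed sample data: harmless header bytes plus a made-up class name.
_OBJ = JAVA_MAGIC + b"sr\x00\x0bdemo.Sample"
SAMPLES = [
    {"src": "10.0.0.5", "path": "/login", "ctype": "application/json", "body": b'{"user":"ops"}'},
    {"src": "203.0.113.7", "path": "/example/a", "ctype": "application/octet-stream", "body": _OBJ},
    {"src": "203.0.113.7", "path": "/example/b", "ctype": "text/plain", "body": b"state=" + base64.b64encode(_OBJ)},
    {"src": "10.0.0.9", "path": "/example/c", "ctype": "text/plain", "body": b"id=rO0ABgAAAAA"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print(alert)
```

Header matching only sees cleartext bodies, so it belongs at a point where TLS is already terminated, such as a reverse proxy or WAF in front of the management interface.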



Advisories

No advisories yet.

History

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description
  Removed: the Description text shown at the top of this page.
  Added: the same text, with a non-breaking space after "as root".
Title Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

Fri, 20 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description
  Removed: the Description text shown at the top of this page.
  Added: the same text.

Thu, 19 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:cisco:secure_firewall_management_center:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.7.10.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.7.10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:7.7.11:*:*:*:*:*:*:*

Thu, 19 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
References
Metrics
  Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-03-19T00:00:00+00:00', 'dueDate': '2026-03-22T00:00:00+00:00'}


Thu, 19 Mar 2026 13:15:00 +0000


Thu, 05 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco secure Firewall Management Center
Vendors & Products Cisco
Cisco secure Firewall Management Center

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description: the Description text shown at the top of this page.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-25T16:04:35.907Z

Reserved: 2025-10-08T11:59:15.380Z

Link: CVE-2026-20131

Vulnrichment

Updated: 2026-03-05T14:06:12.803Z

NVD

Status: Analyzed

Published: 2026-03-04T18:16:27.153

Modified: 2026-03-25T17:39:46.247

Link: CVE-2026-20131

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T05:45:26Z

Weaknesses