CISA Orders US Government to Patch Maximum Severity Cisco Flaw
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
https://www.infosecurity-magazine.com/news/cisa-orders-us-government-patch/
Publish Date: 2026-03-23 06:30:00
Source Domain: www.infosecurity-magazine.com
The US Cybersecurity and Infrastructure Security Agency (CISA) has told all federal civilian agencies to patch a critical remote code execution (RCE) vulnerability in a Cisco firewall product, as ransomware actors circle.
CVE-2026-20131 affects the web-based management interface of Cisco Secure Firewall Management Center (FMC). With a maximum CVSS score of 10, it could “allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device,” according to the vendor.
It was patched by Cisco on March 4 after reports the Interlock ransomware group had been exploiting it as a zero day for several months.
CISA added the CVE to its known exploited vulnerabilities (KEV) catalog on Thursday 19 March, giving agencies just three days to patch it or “discontinue use of the product if mitigations are unavailable.”
That’s an unusually short timeline for CISA, reflective of the urgency of the situation. The entry also has a warning note attached stating that the CVE is “known to be used in ransomware campaigns.”
Read more on Cisco zero days: Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day.
Cisco Secure Firewall Management Center (FMC) is described by the vendor as providing an “administrative nerve center” for Cisco network security products. It delivers centralized management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection, Cisco said.
This vulnerability is “due to insecure deserialization of a user-supplied Java byte stream,” according to the CVE Program.
“An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device,” it explained. “A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”
How Attackers Are Using the CVE
AWS published a detailed write up of the Interlock…
