{"id":220352,"date":"2026-03-04T14:12:00","date_gmt":"2026-03-04T19:12:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/04\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/"},"modified":"2026-03-05T16:30:26","modified_gmt":"2026-03-05T21:30:26","slug":"cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/04\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/","title":{"rendered":"Cisco warns of max severity Secure FMC flaws giving root access"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/\">Cisco warns of max severity Secure FMC flaws giving root access<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-04 14:12:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.<\/p>\n<p>Secure FMC is a web or SSH-based interface for admins to manage Cisco firewalls and configure application control, intrusion prevention, URL filtering, and advanced malware protection.<\/p>\n<p>Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices.<\/p>\n<p>&#8220;An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device,&#8221; the CVE-2026-20079 advisory reads.<\/p>\n<p>&#8220;An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root,&#8221; Cisco added about CVE-2026-20079.<\/p>\n<p>While they both affect Cisco Secure FMC Software, CVE-2026-20131 also affects Cisco Security Cloud Control (SCC) Firewall Management, a cloud-based security policy manager that simplifies policy across Cisco firewalls and other devices.<\/p>\n<p>At the moment, the company&#8217;s Product Security Incident Response Team (PSIRT) has no evidence that the two security flaws are exploited in attacks or that proof-of-concept (PoC) exploit code has been published online.<\/p>\n<p>Today, Cisco has also patched dozens of other security vulnerabilities, including 15 high-severity security flaws in Secure FMC, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense software.<\/p>\n<p>In August, Cisco fixed another maximum-severity Secure FMC flaw, warning that&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco warns of max severity Secure FMC flaws giving root access https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access\/ Publish Date: 2026-03-04&#8230;<\/p>\n","protected":false},"author":1,"featured_media":220353,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2025\/03\/04\/Cisco_headpic.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,32,27],"class_list":["post-220352","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220352"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220352"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220352\/revisions"}],"predecessor-version":[{"id":220354,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220352\/revisions\/220354"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220353"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}