CVE Reports

Originally published at cvereports.com

CVE-2026-20131: Unauthenticated RCE in Cisco Secure Firewall Management Center via Java Deserialization

Vulnerability ID: CVE-2026-20131
CVSS Score: 10.0
Published: 2026-03-04

A critical vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) software allows an unauthenticated, remote attacker to execute arbitrary code with root privileges. The flaw arises from the improper handling of Java serialized data, enabling attackers to supply malicious objects that the application deserializes without validation.

TL;DR

CVE-2026-20131 is a CVSS 10.0 vulnerability in Cisco Secure FMC. It allows unauthenticated remote attackers to gain root access by sending malicious Java serialized objects to the management interface. No workarounds exist; immediate patching is required.


Technical Details

  • CWE ID: CWE-502
  • Attack Vector: Network
  • CVSS: 10.0 (Critical)
  • Privileges Required: None
  • Impact: Remote Code Execution (Root)
  • Exploit Status: No known active exploitation (as of March 2026)
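The missing validation the report describes (CWE-502: the application deserializes attacker-supplied objects before checking what they are) is easiest to see in code. The following is an added Java example, not Cisco's or FMC's code: a bare `readObject()` sink beside the same sink guarded by the JDK's `ObjectInputFilter` allow-list (JEP 290). The `SessionToken` class and the filter pattern are hypothetical.

```java
import java.io.*;

// Added illustrative example (not Cisco FMC code): the deserialization pattern
// behind CWE-502 and a hardened variant using the JDK ObjectInputFilter API
// (java.io.ObjectInputFilter, Java 9+).
public class DeserializationExample {

    // Hypothetical application type that the endpoint legitimately expects.
    public static final class SessionToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        SessionToken(String user) { this.user = user; }
    }

    // VULNERABLE: instantiates whatever class names the sender embedded in the
    // stream. Any class on the classpath is fair game, and its readObject()
    // runs before the caller ever sees the result.
    static Object unsafeRead(byte[] untrusted) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // HARDENED: an allow-list filter. Only SessionToken and java.lang.String may
    // be instantiated; "!*" rejects everything else before any constructor or
    // readObject() runs. maxdepth/maxbytes also bound resource use.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "DeserializationExample$SessionToken;java.lang.String;!*;maxdepth=5;maxbytes=4096");

    static Object safeRead(byte[] untrusted) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(ALLOW_LIST); // rejected classes raise InvalidClassException
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new SessionToken("alice"));          // constructed sample input
        byte[] unexpected = serialize(new java.util.HashMap<String, String>()); // stands in for any unexpected class
        System.out.println("unsafe accepts HashMap: " + (unsafeRead(unexpected) instanceof java.util.HashMap));
        System.out.println("safe accepts token:     " + (safeRead(expected) instanceof SessionToken));
        try {
            safeRead(unexpected);
        } catch (InvalidClassException e) {
            // A rejected class is a detection signal worth logging and alerting on.
            System.out.println("safe rejects HashMap:   " + e.getMessage());
        }
    }
}
```

A global filter can also be set process-wide with the `jdk.serialFilter` system property, which is the usual way to retrofit this control onto code you do not own.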

Affected Systems

  • Cisco Secure Firewall Management Center (FMC) Software
  • Cisco Security Cloud Control
  • Cisco Secure FMC: 6.4.0.13 - 6.4.0.18 (Fixed in: Check Vendor Advisory)
  • Cisco Secure FMC: 7.0.0 - 7.0.8.1 (Fixed in: Check Vendor Advisory)
  • Cisco Secure FMC: 7.1.0 - 7.1.0.3 (Fixed in: Check Vendor Advisory)
  • Cisco Secure FMC: 7.2.0 - 7.2.10.2 (Fixed in: Check Vendor Advisory)
  • Cisco Secure FMC: 7.4.0 - 7.4.5 (Fixed in: Check Vendor Advisory)

Mitigation Strategies

  • Software Update (Primary)
  • Network Segmentation (Secondary)
  • Traffic Analysis

Remediation Steps:

  1. Identify the current running version of Cisco Secure FMC.
  2. Download the appropriate patch release from the Cisco Software Center (e.g., version 7.4.6 or later if on the 7.4 train).
  3. Backup current FMC configurations.
  4. Apply the patch during a maintenance window.
  5. Verify the upgrade was successful and the version number has changed.

Read the full report for CVE-2026-20131 on our website for more details including interactive diagrams and full exploit analysis.
