Cisco Secure Firewall Management Center Software Command Injection Vulnerability
Monitor6cisco-sa-fmc-cmd-inject-S9ZM4EJfMar 4, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack VectorLocal
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary
A command injection vulnerability exists in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software. An authenticated, local attacker with valid administrative credentials could send crafted CLI input to execute arbitrary commands or code as root, even when the system is in lockdown mode. This bypasses the intended security restrictions of lockdown mode. Cisco has released software updates to address this vulnerability.
What this means
What could happen
An authenticated administrator with local access to the FMC appliance could run arbitrary commands as root, bypassing the lockdown security mode that is meant to restrict dangerous changes. This could allow an insider or compromised admin account to modify firewall policies, access encrypted data, or disable security controls.
Who's at risk
Network security teams and firewall administrators managing Cisco Secure Firewall Management Center (FMC) appliances. FMC serves as the centralized management platform for Cisco firewalls and intrusion prevention systems in enterprises and service providers.
How it could be exploited
An attacker with valid FMC administrative credentials gains local access to the appliance console or management interface and sends specially crafted CLI input that exploits insufficient validation in the lockdown mechanism's remediation modules. This allows command injection that executes as root, bypassing the system's lockdown restrictions.
Prerequisites
- Valid FMC administrative credentials
- Local or direct access to the FMC appliance CLI or management interface
Requires valid administrative credentialsLocal access requiredBypasses lockdown security mode
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
ProductAffected VersionsFix Status
Secure Firewall Management Center (FMC) AppliancesAll versionsFix available
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate Cisco Secure Firewall Management Center (FMC) to the patched version released in the March 2026 Cisco security advisory bundle
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/fbb06275-d8d5-4a89-9bd0-d4edee5988e2Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.