Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Plan Patch | CVSS 8.1 | cisco-sa-fmc-sql-injection-2qH6CcJd | Mar 4, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple SQL injection vulnerabilities exist in the Cisco Secure Firewall Management Center (FMC) web-based management interface and REST API. An authenticated attacker can conduct SQL injection attacks to read, modify, or delete configuration data. These vulnerabilities affect all current versions of FMC appliances. Cisco has released software updates to address these vulnerabilities; no workarounds are available.

What this means
What could happen
An authenticated attacker with access to the FMC web interface or REST API could inject malicious SQL commands to read, modify, or delete firewall configuration data, potentially compromising network security policy enforcement across all protected systems.
Who's at risk
Network security teams managing Cisco Secure Firewall Management Centers, which are typically used to centrally manage and deploy firewall policies across ASA, Firepower, and Threat Defense appliances in enterprise environments. This affects any organization using FMC to administer Cisco firewalls in production networks.
How it could be exploited
An attacker with valid FMC credentials accesses the web management interface or REST API and submits specially crafted input to vulnerable parameters. The application fails to sanitize the input before executing SQL queries, allowing the attacker to inject arbitrary SQL commands to query or modify the underlying database.
Prerequisites
  • Valid FMC user credentials (admin or lower-privileged account with API/web access)
  • Network access to the FMC management interface (typically port 443 or configured management port)
  • Firewall policy or network configuration permitting management access
Remotely exploitable | Requires authentication but may compromise administrator-level data | Low complexity attack | High CVSS (8.1) | Affects critical security infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Secure Firewall Management Center (FMC) Appliances | All versions | Fix available
Remediation & Mitigation
Do now
HOTFIX: Update Cisco Secure Firewall Management Center to the patched version released in March 2026
WORKAROUND: Restrict network access to the FMC management interface to only authorized administrator workstations and management networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Disable or restrict REST API access if not actively used for automation
HARDENING: Enforce strong authentication (MFA or certificate-based access) for all FMC user accounts
HARDENING: Monitor FMC web and API logs for unusual SQL-like patterns or failed authentication attempts
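
One way to act on the log-monitoring item above, as an added example that is not from Cisco or this advisory: a small Python scan over web access-log lines that flags SQL-like tokens in query strings and counts failed authentication responses per source. The log layout (Apache "combined" style), the /api/example/ and /login paths, and the sample lines are constructed assumptions, not FMC's actual log format or endpoints.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Assumed layout: Apache "combined"-style access log. Adjust the regex to
# whatever your FMC log export or SIEM field mapping actually produces.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Heuristic SQL-like tokens; expect false positives and tune per site.
SQLI_RE = re.compile(
    r"\bunion\b.{0,40}\bselect\b"
    r"|'\s*(?:or|and)\b"
    r"|'[^&]*(?:--|/\*)"
    r"|;\s*(?:select|insert|update|delete|drop)\b"
    r"|\b(?:sleep|benchmark)\s*\(",
    re.IGNORECASE,
)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
FAILED = '198.51.100.7 - - [04/Mar/2026:10:02:00 +0000] "POST /login HTTP/1.1" 401 0'
SAMPLE = [
    '192.0.2.10 - admin [04/Mar/2026:10:00:01 +0000] "GET /api/example/v1/objects?name=web-servers HTTP/1.1" 200 512',
    '192.0.2.44 - apiuser [04/Mar/2026:10:00:05 +0000] "GET /api/example/v1/objects?name=x%27%20OR%201%3D1-- HTTP/1.1" 500 87',
    '192.0.2.44 - apiuser [04/Mar/2026:10:00:09 +0000] "GET /api/example/v1/objects?filter=a%2527%2520UNION%2520SELECT%2520null HTTP/1.1" 200 90',
] + [FAILED] * 3

def scan(lines, fail_threshold=3):
    """Return (SQL-like hits, sources with >= fail_threshold 401/403 responses)."""
    sqli_hits, failures = [], Counter()
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped, not treated as clean
        # Decode twice so double-encoded input (%2527) is still inspected.
        # Only the query string is visible here; request bodies are not logged.
        query = unquote_plus(unquote_plus(m["target"].partition("?")[2]))
        if SQLI_RE.search(query):
            sqli_hits.append((n, m["src"], m["user"], m["status"]))
        if m["status"] in ("401", "403"):
            failures[m["src"]] += 1
    noisy = {src: c for src, c in failures.items() if c >= fail_threshold}
    return sqli_hits, noisy

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit from an authenticated account that returns 200 or 500 deserves review first, since the advisory states that exploitation requires valid credentials.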