Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
Act Now · 10 · cisco-sa-onprem-fmc-authbypass-5JPp45V2 · Mar 4, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the Cisco Secure Firewall Management Center web interface allows an unauthenticated remote attacker to bypass authentication and execute scripts with root privileges. The flaw exists due to an improper system process created at boot time. An attacker can send crafted HTTP requests to exploit this and obtain complete control of the device, including the ability to execute arbitrary commands, modify configurations, and access the underlying operating system.
What this means
What could happen
An attacker could bypass authentication on your Firewall Management Center and gain root access to the underlying operating system, allowing them to execute arbitrary commands, modify firewall policies, or disable security controls entirely.
Who's at risk
Water authorities and electric utilities that use Cisco Secure Firewall Management Center (FMC) appliances to manage and monitor their security appliances. This is typically a centralized management platform used in network operations centers (NOCs) or security operations centers (SOCs) to control firewall policies and monitor network security across the entire organization.
How it could be exploited
An attacker sends crafted HTTP requests to the web interface of an unpatched Firewall Management Center without needing to authenticate. The requests exploit an improper system process running at boot time to execute scripts with root privileges, giving the attacker complete control of the device.
Prerequisites
- Network access to the Firewall Management Center web interface (typically port 443)
- Target device running vulnerable Cisco Secure FMC firmware
remotely exploitable · no authentication required · low complexity · affects critical management systems · CVSS 10.0 (maximum severity)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Secure Firewall Management Center (FMC) Appliances | All versions | Fix available
Remediation & Mitigation
Do now
- HOTFIX: Update Cisco Secure Firewall Management Center to the latest patched version immediately
- WORKAROUND: If patching is not immediately possible, restrict network access to the FMC web interface (port 443) to only authorized management stations using firewall rules or network segmentation
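One way to verify the workaround above, as an added example (not part of the advisory or any Cisco tooling): audit exported firewall flow records for allowed connections to the FMC web interface that originate outside the authorized management stations. The FMC address, the allowlist ranges and the CSV layout are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): placeholder FMC address, allowlist and CSV layout.
FMC_ADDR = ipaddress.ip_address("192.0.2.10")
FMC_PORT = 443
MGMT_ALLOWLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "203.0.113.5/32")]

# Constructed sample flow export: header line plus seven records.
SAMPLE_FLOWS = """src,dst,dport,action
198.51.100.4,192.0.2.10,443,allow
203.0.113.5,192.0.2.10,443,allow
10.20.30.40,192.0.2.10,443,allow
10.20.30.41,192.0.2.10,443,deny
198.51.100.4,192.0.2.10,22,allow
10.20.30.40,192.0.2.99,443,allow
not-an-ip,192.0.2.10,443,allow
"""

def is_authorized(src):
    """True if the source address is inside any authorized management range."""
    return any(src in net for net in MGMT_ALLOWLIST)

def audit_flows(text):
    """Return (violations, malformed).

    violations: sources allowed to reach FMC:443 from outside the allowlist.
    malformed:  file line numbers of rows that could not be parsed; these are
                reported rather than silently dropped so gaps in the export show up.
    """
    violations, malformed = [], []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            dport = int(row["dport"])
            allowed = row["action"].strip().lower() == "allow"
        except (ValueError, KeyError, AttributeError, TypeError):
            malformed.append(lineno)
            continue
        # Only traffic permitted to the FMC web interface is relevant here.
        if dst == FMC_ADDR and dport == FMC_PORT and allowed and not is_authorized(src):
            violations.append(str(src))
    return violations, malformed

if __name__ == "__main__":
    bad, broken = audit_flows(SAMPLE_FLOWS)
    print("unauthorized sources reaching FMC:443:", bad)
    print("unparsable rows (line numbers):", broken)
```

An empty violations list after the access restriction is applied indicates that only the authorized management stations can still reach the web interface.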
CVEs (1)