


Perceptive Security
SOC/SIEM Consultancy

The vulnerability identified as CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated external malicious…
Published: 19 March 2026 at 11:48:18
Alert date: 4 March 2026 at 21:01:35
Source: ncsc.nl
Network Infrastructure, Zero-Day Vulnerabilities, Ransomware & Malware, Security Tools
Two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131) have been patched in Cisco Secure Firewall Management Center. CVE-2026-20079 allows unauthenticated attackers to bypass authentication controls through malicious HTTP requests, potentially gaining root access. CVE-2026-20131 enables remote code execution with root privileges through unsafe Java deserialization. Amazon threat intelligence reports CVE-2026-20131 has been actively exploited since January 26 for Interlock ransomware deployment. Public PoCs are now available for both vulnerabilities. NCSC strongly advises immediate updates due to expected widespread exploitation attempts.
Technical details
CVE-2026-20079 is located in the web interface of Cisco Secure Firewall Management Center. An unauthenticated external attacker can bypass authentication controls by sending specially crafted HTTP requests that exploit an incorrect system process created during startup. CVE-2026-20131 allows an unauthenticated external attacker to execute arbitrary Java code with root privileges: the web-based management interface unsafely deserializes user-supplied Java byte streams, so the flaw is reached by sending it specially crafted serialized Java objects.
Mitigation steps:
Install updates immediately as released by Cisco.
For Cisco Security Cloud Control Firewall Management SaaS users, updates are automatic.
Use Amazon blog IoCs and detection measures to identify compromise attempts.
Review network traffic and system activities back to January 26 for suspicious behavior even if updates were installed quickly.
Limit public internet access to management interfaces to reduce attack surface.
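The retrospective review described above, as an added example (not from NCSC, Cisco or Amazon): a Python triage over request records captured in front of the management interface, flagging sources outside the management networks and request bodies that carry a Java serialization stream header, from January 26 onward. The record layout, the 10.20.0.0/24 management network and the sample records are constructed assumptions; the IoCs from the Amazon blog are not reproduced here.

```python
import base64
import ipaddress
from datetime import datetime, timezone

JAVA_MAGIC = b"\xac\xed\x00\x05"   # Java serialization stream header (magic + version)
JAVA_MAGIC_B64 = b"rO0AB"          # how that header starts once base64-encoded
# Start of the review window; the year is assumed from the alert date.
REVIEW_START = datetime(2026, 1, 26, tzinfo=timezone.utc)

def carries_java_serialization(body: bytes) -> bool:
    """True if the body contains a raw or base64-encoded Java serialization header."""
    return JAVA_MAGIC in body or JAVA_MAGIC_B64 in body

def triage(records, mgmt_networks):
    """Return (record, reasons) pairs for in-window requests that need a closer look."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for rec in records:
        if datetime.fromisoformat(rec["ts"]) < REVIEW_START:
            continue  # before the reported start of exploitation
        reasons = []
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in nets):
            reasons.append("source outside management networks")
        if carries_java_serialization(rec.get("body", b"")):
            reasons.append("Java serialized object in request body")
        if reasons:
            findings.append((rec, reasons))
    return findings

# Constructed sample records (documentation IP ranges, invented bodies).
SAMPLE = [
    {"ts": "2026-01-20T09:00:00+00:00", "src": "203.0.113.7", "body": JAVA_MAGIC + b"sr"},
    {"ts": "2026-02-02T03:14:00+00:00", "src": "203.0.113.7", "body": JAVA_MAGIC + b"sr"},
    {"ts": "2026-02-03T08:30:00+00:00", "src": "10.20.0.15", "body": b'{"user":"admin"}'},
    {"ts": "2026-02-04T22:41:00+00:00", "src": "10.20.0.99",
     "body": base64.b64encode(JAVA_MAGIC + b"sr\x00")},
    {"ts": "2026-02-05T01:05:00+00:00", "src": "198.51.100.23", "body": b""},
]

if __name__ == "__main__":
    for rec, reasons in triage(SAMPLE, ["10.20.0.0/24"]):
        print(rec["ts"], rec["src"], "; ".join(reasons))
```

A hit from inside the management network (the fourth record) is still worth investigating; the serialization header is a triage signal and can match benign traffic that legitimately uses Java serialization.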
Affected products:
Cisco Secure Firewall Management Center
Cisco Security Cloud Control Firewall Management
Related links:
https://aws.amazon.com/de/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
Related CVEs:
Related threat actors:
IOCs:
Interlock ransomware
This article was created with the assistance of AI technology by Perceptive.
