6
CVE-2026-20044
- EPSS 0.01%
- Veröffentlicht 04.03.2026 17:17:41
- Zuletzt bearbeitet 05.03.2026 19:39:11
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Secure Firewall Management Center Command Injection Vulnerability
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Secure Firewall Management Center (FMC)
Default Statusunknown
Version
6.4.0.6
Status
affected
Version
6.4.0.7
Status
affected
Version
6.4.0.4
Status
affected
Version
6.4.0.1
Status
affected
Version
6.4.0.8
Status
affected
Version
6.4.0.2
Status
affected
Version
6.4.0.3
Status
affected
Version
6.4.0.5
Status
affected
Version
6.4.0
Status
affected
Version
6.4.0.9
Status
affected
Version
6.4.0.10
Status
affected
Version
6.4.0.11
Status
affected
Version
6.4.0.12
Status
affected
Version
7.0.0
Status
affected
Version
7.0.0.1
Status
affected
Version
7.0.1
Status
affected
Version
7.1.0
Status
affected
Version
6.4.0.13
Status
affected
Version
7.0.1.1
Status
affected
Version
6.4.0.14
Status
affected
Version
7.1.0.1
Status
affected
Version
7.0.2
Status
affected
Version
6.4.0.15
Status
affected
Version
7.2.0
Status
affected
Version
7.0.2.1
Status
affected
Version
7.0.3
Status
affected
Version
7.1.0.2
Status
affected
Version
7.2.0.1
Status
affected
Version
7.0.4
Status
affected
Version
7.2.1
Status
affected
Version
7.0.5
Status
affected
Version
6.4.0.16
Status
affected
Version
7.3.0
Status
affected
Version
7.2.2
Status
affected
Version
7.3.1
Status
affected
Version
7.2.3
Status
affected
Version
7.1.0.3
Status
affected
Version
7.2.3.1
Status
affected
Version
7.2.4
Status
affected
Version
7.0.6
Status
affected
Version
7.2.4.1
Status
affected
Version
7.2.5
Status
affected
Version
7.3.1.1
Status
affected
Version
7.4.0
Status
affected
Version
6.4.0.17
Status
affected
Version
7.0.6.1
Status
affected
Version
7.2.5.1
Status
affected
Version
7.4.1
Status
affected
Version
7.2.6
Status
affected
Version
7.4.1.1
Status
affected
Version
7.0.6.2
Status
affected
Version
6.4.0.18
Status
affected
Version
7.2.7
Status
affected
Version
7.2.5.2
Status
affected
Version
7.3.1.2
Status
affected
Version
7.2.8
Status
affected
Version
7.6.0
Status
affected
Version
7.4.2
Status
affected
Version
7.2.8.1
Status
affected
Version
7.0.6.3
Status
affected
Version
7.4.2.1
Status
affected
Version
7.2.9
Status
affected
Version
7.0.7
Status
affected
Version
7.7.0
Status
affected
Version
7.4.2.2
Status
affected
Version
7.2.10
Status
affected
Version
7.6.1
Status
affected
Version
7.4.2.3
Status
affected
Version
7.0.8
Status
affected
Version
7.6.2
Status
affected
Version
7.7.10
Status
affected
Version
7.2.10.1
Status
affected
Version
7.0.8.1
Status
affected
Version
7.6.2.1
Status
affected
Version
7.2.10.2
Status
affected
Version
7.7.10.1
Status
affected
Version
7.4.2.4
Status
affected
Version
7.4.3
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.003 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.