10
CVE-2026-20079
- EPSS 0.06%
- Published 04.03.2026 17:17:35
- Last modified 05.03.2026 19:39:11
- Source psirt@cisco.com
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco Secure Firewall Management Center (FMC)

| Version | Status |
|---|---|
| 7.0.0 | affected |
| 7.0.0.1 | affected |
| 7.0.1 | affected |
| 7.0.1.1 | affected |
| 7.0.2 | affected |
| 7.0.2.1 | affected |
| 7.0.3 | affected |
| 7.0.4 | affected |
| 7.0.5 | affected |
| 7.0.6 | affected |
| 7.0.6.1 | affected |
| 7.0.6.2 | affected |
| 7.0.6.3 | affected |
| 7.0.7 | affected |
| 7.0.8 | affected |
| 7.0.8.1 | affected |
| 7.1.0 | affected |
| 7.1.0.1 | affected |
| 7.1.0.2 | affected |
| 7.1.0.3 | affected |
| 7.2.0 | affected |
| 7.2.1 | affected |
| 7.2.2 | affected |
| 7.2.0.1 | affected |
| 7.2.3 | affected |
| 7.2.3.1 | affected |
| 7.2.4 | affected |
| 7.2.4.1 | affected |
| 7.2.5 | affected |
| 7.2.5.1 | affected |
| 7.2.6 | affected |
| 7.2.7 | affected |
| 7.2.5.2 | affected |
| 7.2.8 | affected |
| 7.2.8.1 | affected |
| 7.2.9 | affected |
| 7.2.10 | affected |
| 7.2.10.2 | affected |
| 7.2.10.1 | affected |
| 7.3.0 | affected |
| 7.3.1 | affected |
| 7.3.1.1 | affected |
| 7.3.1.2 | affected |
| 7.4.0 | affected |
| 7.4.1 | affected |
| 7.4.1.1 | affected |
| 7.4.2 | affected |
| 7.4.2.1 | affected |
| 7.4.2.2 | affected |
| 7.4.2.3 | affected |
| 7.4.2.4 | affected |
| 7.4.3 | affected |
| 7.6.0 | affected |
| 7.6.1 | affected |
| 7.6.2 | affected |
| 7.6.2.1 | affected |
| 7.6.3 | affected |
| 7.7.0 | affected |
| 7.7.10 | affected |
| 7.7.10.1 | affected |
| 7.7.11 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.187 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 10 | 3.9 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |

CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.