10
CVE-2026-20131
Trending CVE
- EPSS 5.6%
- Veröffentlicht 04.03.2026 17:17:56
- Zuletzt bearbeitet 20.03.2026 22:16:26
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Secure Firewall Management Center Version6.4.0.13
Cisco ≫ Secure Firewall Management Center Version6.4.0.14
Cisco ≫ Secure Firewall Management Center Version6.4.0.15
Cisco ≫ Secure Firewall Management Center Version6.4.0.16
Cisco ≫ Secure Firewall Management Center Version6.4.0.17
Cisco ≫ Secure Firewall Management Center Version6.4.0.18
Cisco ≫ Secure Firewall Management Center Version7.0.0
Cisco ≫ Secure Firewall Management Center Version7.0.0.1
Cisco ≫ Secure Firewall Management Center Version7.0.1
Cisco ≫ Secure Firewall Management Center Version7.0.1.1
Cisco ≫ Secure Firewall Management Center Version7.0.2
Cisco ≫ Secure Firewall Management Center Version7.0.2.1
Cisco ≫ Secure Firewall Management Center Version7.0.3
Cisco ≫ Secure Firewall Management Center Version7.0.4
Cisco ≫ Secure Firewall Management Center Version7.0.5
Cisco ≫ Secure Firewall Management Center Version7.0.6
Cisco ≫ Secure Firewall Management Center Version7.0.6.1
Cisco ≫ Secure Firewall Management Center Version7.0.6.2
Cisco ≫ Secure Firewall Management Center Version7.0.6.3
Cisco ≫ Secure Firewall Management Center Version7.0.7
Cisco ≫ Secure Firewall Management Center Version7.0.8
Cisco ≫ Secure Firewall Management Center Version7.0.8.1
Cisco ≫ Secure Firewall Management Center Version7.1.0
Cisco ≫ Secure Firewall Management Center Version7.1.0.1
Cisco ≫ Secure Firewall Management Center Version7.1.0.2
Cisco ≫ Secure Firewall Management Center Version7.1.0.3
Cisco ≫ Secure Firewall Management Center Version7.2.0
Cisco ≫ Secure Firewall Management Center Version7.2.0.1
Cisco ≫ Secure Firewall Management Center Version7.2.1
Cisco ≫ Secure Firewall Management Center Version7.2.2
Cisco ≫ Secure Firewall Management Center Version7.2.3
Cisco ≫ Secure Firewall Management Center Version7.2.3.1
Cisco ≫ Secure Firewall Management Center Version7.2.4
Cisco ≫ Secure Firewall Management Center Version7.2.4.1
Cisco ≫ Secure Firewall Management Center Version7.2.5
Cisco ≫ Secure Firewall Management Center Version7.2.5.1
Cisco ≫ Secure Firewall Management Center Version7.2.5.2
Cisco ≫ Secure Firewall Management Center Version7.2.6
Cisco ≫ Secure Firewall Management Center Version7.2.7
Cisco ≫ Secure Firewall Management Center Version7.2.8
Cisco ≫ Secure Firewall Management Center Version7.2.8.1
Cisco ≫ Secure Firewall Management Center Version7.2.9
Cisco ≫ Secure Firewall Management Center Version7.2.10
Cisco ≫ Secure Firewall Management Center Version7.2.10.1
Cisco ≫ Secure Firewall Management Center Version7.2.10.2
Cisco ≫ Secure Firewall Management Center Version7.3.0
Cisco ≫ Secure Firewall Management Center Version7.3.1
Cisco ≫ Secure Firewall Management Center Version7.3.1.1
Cisco ≫ Secure Firewall Management Center Version7.3.1.2
Cisco ≫ Secure Firewall Management Center Version7.4.0
Cisco ≫ Secure Firewall Management Center Version7.4.1
Cisco ≫ Secure Firewall Management Center Version7.4.1.1
Cisco ≫ Secure Firewall Management Center Version7.4.2
Cisco ≫ Secure Firewall Management Center Version7.4.2.1
Cisco ≫ Secure Firewall Management Center Version7.4.2.2
Cisco ≫ Secure Firewall Management Center Version7.4.2.3
Cisco ≫ Secure Firewall Management Center Version7.4.2.4
Cisco ≫ Secure Firewall Management Center Version7.4.3
Cisco ≫ Secure Firewall Management Center Version7.4.4
Cisco ≫ Secure Firewall Management Center Version7.4.5
Cisco ≫ Secure Firewall Management Center Version7.6.0
Cisco ≫ Secure Firewall Management Center Version7.6.1
Cisco ≫ Secure Firewall Management Center Version7.6.2
Cisco ≫ Secure Firewall Management Center Version7.6.2.1
Cisco ≫ Secure Firewall Management Center Version7.6.3
Cisco ≫ Secure Firewall Management Center Version7.6.4
Cisco ≫ Secure Firewall Management Center Version7.7.0
Cisco ≫ Secure Firewall Management Center Version7.7.10
Cisco ≫ Secure Firewall Management Center Version7.7.10.1
Cisco ≫ Secure Firewall Management Center Version7.7.11
Cisco ≫ Secure Firewall Management Center Version10.0.0
19.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
SchwachstelleCisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.6% | 0.902 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.