Cisco Secure Firewall Management Center up to 7.7.11 Web Interface authentication bypass

Summaryinfo

A vulnerability, which was classified as critical, has been found in Cisco Secure Firewall Management Center. This vulnerability affects unknown code of the component Web Interface. This manipulation causes authentication bypass. The identification of this vulnerability is CVE-2026-20079. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as very critical was found in Cisco Secure Firewall Management Center. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation with an unknown input leads to a authentication bypass vulnerability. The CWE definition for the vulnerability is CWE-288. A product requires authentication, but the product has an alternate path or channel that does not require authentication. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

The advisory is shared at sec.cloudapps.cisco.com. This vulnerability is known as CVE-2026-20079 since 10/08/2025. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/05/2026).

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2026-0610). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Affected

• Cisco Secure Firewall Management Center
• Cisco Secure Firewall Threat Defense

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• Secure Firewall Management Center

Version

• 7.0.0
• 7.0.0.1
• 7.0.1
• 7.0.1.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.0.6.1
• 7.0.6.2
• 7.0.6.3
• 7.0.7
• 7.0.8
• 7.0.8.1
• 7.1.0
• 7.1.0.1
• 7.1.0.2
• 7.1.0.3
• 7.2.0
• 7.2.0.1
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.3.1
• 7.2.4
• 7.2.4.1
• 7.2.5
• 7.2.5.1
• 7.2.5.2
• 7.2.6
• 7.2.7
• 7.2.8
• 7.2.8.1
• 7.2.9
• 7.2.10
• 7.2.10.1
• 7.2.10.2
• 7.3.0
• 7.3.1
• 7.3.1.1
• 7.3.1.2
• 7.4.0
• 7.4.1
• 7.4.1.1
• 7.4.2
• 7.4.2.1
• 7.4.2.2
• 7.4.2.3
• 7.4.2.4
• 7.4.3
• 7.6.0
• 7.6.1
• 7.6.2
• 7.6.2.1
• 7.6.3
• 7.7.0
• 7.7.10
• 7.7.10.1
• 7.7.11

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion