The severity is critical due to the unauthenticated remote exploitability and the real-world attacks that occurred before the patch was available, compromising high-value targets including healthcare facilities.
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center allowed unauthenticated remote attackers to execute arbitrary Java code as root before its disclosure. Interlock exploited this zero-day for over a month, impacting various medical facilities and city networks.
Affected Systems
- Cisco Secure Firewall Management Center
Affected Versions: all versions before March 4, 2026
Remediation
- Upgrade to Cisco Secure Firewall Management Center version released on or after March 4, 2026 as per the official Cisco advisory.
- Review network traffic and system logs for any signs of unauthorized access or exploitation activity.
- Implement stricter authentication mechanisms and monitoring around the firewall management interfaces.
Stack Impact
The vulnerability impacts enterprise-grade systems using Cisco Secure Firewall Management Center software, potentially affecting network security infrastructure in organizations that rely on this product.