ARIA assesses this as CRITICAL because the unauthenticated RCE vulnerability gives attackers full control of affected devices. Real-world exploitability is high given the active exploitation by ransomware gangs, though official confirmation from Cisco remains pending.
Cisco's Secure Firewall Management Center (FMC) software has a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary Java code as root. The Interlock ransomware gang had been exploiting this flaw since January, before it was patched in March.
Affected Systems
- Cisco Secure Firewall Management Center (FMC)
Affected Versions: All versions before the March 2026 patch
Remediation
- Apply the latest security updates for FMC as provided by Cisco, specifically the update addressing CVE-2026-20131.
- Review system logs for any signs of unauthorized access or suspicious activities related to this vulnerability.
Stack Impact
This affects network management software. It may also indirectly impact services that depend on secure firewall operations, such as nginx, Docker, and homelab components, if they sit behind the affected FMC devices.