EUVD-2026-9444

10.0

Critical

CVSS v3.1

4 Mar 2026

cisco

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

CVE-2026-20131

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9444

1. Vulnerability Assessment and Severity Evaluation

Vulnerability Description: The vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software allows an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This is due to insecure deserialization of a user-supplied Java byte stream.

Severity Evaluation:

Base Score: 10.0 (Critical)
Base Score Version: 3.1
Base Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

The CVSS score of 10.0 indicates a critical vulnerability. The attack vector is network-based (AV:N), requires low complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), and the scope is changed (S:C), meaning the vulnerability can affect components beyond the initial security scope.

2. Potential Attack Vectors and Exploitation Methods

Attack Vectors:

Remote Code Execution (RCE): An attacker can send a crafted serialized Java object to the web-based management interface, leading to arbitrary code execution with root privileges.
Privilege Escalation: Once the attacker gains initial access, they can escalate privileges to root, allowing full control over the affected device.

Exploitation Methods:

Crafted Serialized Objects: The attacker can create a malicious Java object, serialize it, and send it to the vulnerable interface.
Network-Based Attacks: Since the attack vector is network-based, the attacker can exploit this vulnerability over the internet if the management interface is exposed.

3. Affected Systems and Software Versions

Affected Software:

Cisco Secure Firewall Management Center (FMC) Software

Affected Versions:

6.4.0.13 to 6.4.0.18
7.0.0 to 7.0.8.1
7.1.0 to 7.1.0.3
7.2.0 to 7.2.10.2
7.3.0 to 7.3.1.2
7.4.0 to 7.4.5
7.6.0 to 7.6.4
7.7.0 to 7.7.11
10.0.0

4. Recommended Mitigation Strategies

Immediate Actions:

Restrict Access: Ensure that the FMC management interface is not exposed to the public internet. Limit access to trusted networks and users.
Apply Patches: Immediately apply the latest security patches provided by Cisco.
Network Segmentation: Implement network segmentation to isolate the FMC from other critical systems.

Long-Term Strategies:

Regular Audits: Conduct regular security audits and vulnerability assessments.
Intrusion Detection: Deploy intrusion detection systems (IDS) to monitor for suspicious activities.
User Training: Educate users on the importance of secure configurations and the risks associated with exposing management interfaces.

5. Impact on European Cybersecurity Landscape

Potential Impact:

Critical Infrastructure: Many European organizations, including critical infrastructure providers, use Cisco FMC for network security. A successful exploit could lead to significant disruptions and data breaches.
Compliance: Organizations may face compliance issues with regulations such as GDPR if sensitive data is compromised.
Reputation: Breaches resulting from this vulnerability could damage the reputation of affected organizations and erode public trust.

Mitigation:

Collaboration: European cybersecurity agencies should collaborate with Cisco and affected organizations to ensure timely patching and mitigation.
Awareness: Raise awareness among European cybersecurity professionals about the criticality of this vulnerability and the need for immediate action.

6. Technical Details for Security Professionals

Technical Insights:

Deserialization Vulnerability: The root cause is insecure deserialization, a common issue in Java applications. Ensure that all deserialization processes are secure and validate input data rigorously.
Code Review: Conduct thorough code reviews to identify and mitigate similar vulnerabilities in other parts of the application.
Logging and Monitoring: Enhance logging and monitoring to detect and respond to any suspicious activities related to deserialization processes.

References:

By following these recommendations and staying vigilant, organizations can significantly reduce the risk posed by this critical vulnerability.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh

https://nvd.nist.gov/vuln/detail/CVE-2026-20131

Affected Products

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.11

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.9

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.13

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.8

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.8.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.3.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.3

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.16

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.14

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.8.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.7

Cisco Secure Firewall Management Center (FMC)

Version: 10.0.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.10

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.17

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.8

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.2

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.18

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.10.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.15

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.4.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.6

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.7

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.1

Vendors

Cisco

EUVD-2026-9444

10.0

Critical

CVSS v3.1

4 Mar 2026

cisco

ENISA Database Find on GitHub

Description

CVE-2026-20131

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9444

1. Vulnerability Assessment and Severity Evaluation

Severity Evaluation:

Base Score: 10.0 (Critical)
Base Score Version: 3.1
Base Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

2. Potential Attack Vectors and Exploitation Methods

Attack Vectors:

Remote Code Execution (RCE): An attacker can send a crafted serialized Java object to the web-based management interface, leading to arbitrary code execution with root privileges.
Privilege Escalation: Once the attacker gains initial access, they can escalate privileges to root, allowing full control over the affected device.

Exploitation Methods:

Crafted Serialized Objects: The attacker can create a malicious Java object, serialize it, and send it to the vulnerable interface.
Network-Based Attacks: Since the attack vector is network-based, the attacker can exploit this vulnerability over the internet if the management interface is exposed.

3. Affected Systems and Software Versions

Affected Software:

Cisco Secure Firewall Management Center (FMC) Software

Affected Versions:

6.4.0.13 to 6.4.0.18
7.0.0 to 7.0.8.1
7.1.0 to 7.1.0.3
7.2.0 to 7.2.10.2
7.3.0 to 7.3.1.2
7.4.0 to 7.4.5
7.6.0 to 7.6.4
7.7.0 to 7.7.11
10.0.0

4. Recommended Mitigation Strategies

Immediate Actions:

Restrict Access: Ensure that the FMC management interface is not exposed to the public internet. Limit access to trusted networks and users.
Apply Patches: Immediately apply the latest security patches provided by Cisco.
Network Segmentation: Implement network segmentation to isolate the FMC from other critical systems.

Long-Term Strategies:

Regular Audits: Conduct regular security audits and vulnerability assessments.
Intrusion Detection: Deploy intrusion detection systems (IDS) to monitor for suspicious activities.
User Training: Educate users on the importance of secure configurations and the risks associated with exposing management interfaces.

5. Impact on European Cybersecurity Landscape

Potential Impact:

Critical Infrastructure: Many European organizations, including critical infrastructure providers, use Cisco FMC for network security. A successful exploit could lead to significant disruptions and data breaches.
Compliance: Organizations may face compliance issues with regulations such as GDPR if sensitive data is compromised.
Reputation: Breaches resulting from this vulnerability could damage the reputation of affected organizations and erode public trust.

Mitigation:

Collaboration: European cybersecurity agencies should collaborate with Cisco and affected organizations to ensure timely patching and mitigation.
Awareness: Raise awareness among European cybersecurity professionals about the criticality of this vulnerability and the need for immediate action.

6. Technical Details for Security Professionals

Technical Insights:

Deserialization Vulnerability: The root cause is insecure deserialization, a common issue in Java applications. Ensure that all deserialization processes are secure and validate input data rigorously.
Code Review: Conduct thorough code reviews to identify and mitigate similar vulnerabilities in other parts of the application.
Logging and Monitoring: Enhance logging and monitoring to detect and respond to any suspicious activities related to deserialization processes.

References:

By following these recommendations and staying vigilant, organizations can significantly reduce the risk posed by this critical vulnerability.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh

https://nvd.nist.gov/vuln/detail/CVE-2026-20131

Affected Products

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.11

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.9

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.13

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.8

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.8.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.6.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.3.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.3

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.16

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.14

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.5

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.8.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.7

Cisco Secure Firewall Management Center (FMC)

Version: 10.0.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.1.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.10

Cisco Secure Firewall Management Center (FMC)

Version: 7.3.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.17

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.5.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.8

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.2.2

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.18

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.7.10.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.6.0

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.3

Cisco Secure Firewall Management Center (FMC)

Version: 7.1.0.2

Cisco Secure Firewall Management Center (FMC)

Version: 7.4.1

Cisco Secure Firewall Management Center (FMC)

Version: 6.4.0.15

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.4.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.6

Cisco Secure Firewall Management Center (FMC)

Version: 7.0.4

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.10.1

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.7

Cisco Secure Firewall Management Center (FMC)

Version: 7.2.1

Vendors

Cisco