{"id":15905,"date":"2026-03-05T17:25:24","date_gmt":"2026-03-05T17:25:24","guid":{"rendered":"https:\/\/newestek.com\/?p=15905"},"modified":"2026-03-05T17:25:24","modified_gmt":"2026-03-05T17:25:24","slug":"cisco-issues-emergency-patches-for-critical-firewall-vulnerabilities","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15905","title":{"rendered":"Cisco issues emergency patches for critical firewall vulnerabilities"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two \u2018perfect 10\u2019 vulnerabilities in the company\u2019s Secure Firewall Management Center (FMC) Software.<\/p>\n<p>Overall, the <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/viewErp.x?alertId=ERP-75736\" target=\"_blank\" rel=\"noreferrer noopener\">March 4 release<\/a>, the first of its semiannual firewall updates for 2026, addresses 25 security advisories covering 48 individual CVEs.<\/p>\n<p>The biggest concerns will be the FMC flaws, <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-onprem-fmc-authbypass-5JPp45V2\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-20079<\/a> and <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-fmc-rce-NKhnULJh\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-20131<\/a>, the first of which is an authentication bypass weakness, and the second involving insecure deserialization. 
Both are rated \u2018critical\u2019 with maximum CVSS scores of 10.<\/p>\n<p>The weaknesses relate to the platform\u2019s web management interface and give unauthenticated root access. This will make them big targets for attackers using reverse engineering tools to reveal the workings of the underlying flaws.<\/p>\n<p>This hasn\u2019t happened yet \u2013 neither has been reported as being under exploitation \u2013 but there is no question attackers will quickly pounce on them if they can.<\/p>\n<p>Cisco said of CVE-2026-20079: \u201cAn attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow <em>root<\/em> access to the device.\u201d<\/p>\n<p>And CVE-2026-20131 is described thusly: \u201cAn attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to <em>root<\/em>.\u201d<\/p>\n<p>There are no workarounds for either of these vulnerabilities, Cisco said. However, for CVE-2026-20131, it noted, \u201cIf the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.\u201d<\/p>\n<p>In short, if they can\u2019t patch right now, admins should ensure that the FMC is not exposed until that happens.<\/p>\n<h2 class=\"wp-block-heading\" id=\"other-vulnerabilities\">Other vulnerabilities<\/h2>\n<p>Of the remaining flaws, a further six are rated \u2018high\u2019, with CVSS scores of between 7.2 and 8.6. 
These include the Firewall Management Center SQL injection vulnerabilities <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-fmc-sql-injection-2qH6CcJd\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-20001, CVE-2026-20002, and CVE-2026-20003<\/a>, all remotely exploitable by an authenticated attacker. Again, no workarounds are possible.<\/p>\n<p><a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-asaftd-vpn-dos-SpOFF2Re\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-20039<\/a>, rated 8.6 (\u2018critical\u2019), is a flaw affecting the VPN web server in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an unauthenticated attacker to induce a denial of service state.<\/p>\n<p>Additionally, <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/viewErp.x?alertId=ERP-75736\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-20082<\/a>, also rated 8.6, could allow an unauthenticated attacker to cause incoming TCP SYN packets to be dropped incorrectly in the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software.<\/p>\n<p>The procedure for patching the flaws addressed in the March update varies depending on the software version installed. Cisco recommends using its <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/softwarechecker.x\" target=\"_blank\" rel=\"noreferrer noopener\">software checker<\/a> to determine the appropriate update. 
Alternatively, admins can consult the tables in the <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/secure-firewall\/compatibility\/threat-defense-compatibility.html\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco Secure Firewall Threat Defense Compatibility Guide<\/a>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"deja-vu\">D\u00e9j\u00e0 vu<\/h2>\n<p>Critical-rated flaws and zero days have become a regular occurrence in Cisco patching rounds in the last couple of years, now almost seen as \u2018zero-day events\u2019 in themselves.<\/p>\n<p>Security teams will be reminded of last September\u2019s <a href=\"http:\/\/www.csoonline.com\/article\/4063518\/patch-now-attacker-finds-another-zero-day-in-cisco-firewall-software.html\" target=\"_blank\">emergency patches<\/a> addressing similar web services flaws affecting Cisco\u2019s Secure Firewall Adaptive Security Appliance (ASA) VPN and Cisco Secure Firewall Threat Defense (FTD) software.<\/p>\n<p>Of these, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2025-20333\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20333<\/a> and\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2025-20362\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20362<\/a> were under zero-day exploitation, while the third,\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20363\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20363<\/a>, was seen as being under imminent threat. 
The attacks were serious enough that Cisco published an <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks\" target=\"_blank\" rel=\"noreferrer noopener\">\u201cevent response\u201d bulletin<\/a> providing more detail on reported exploits and indicators of compromise.<\/p>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two \u2018perfect 10\u2019 vulnerabilities in the company\u2019s Secure Firewall Management Center (FMC) Software. Overall, the March 4 release, the first of its semiannual firewall updates for 2026, addresses 25 security advisories covering 48 individual CVEs. The biggest concerns will be the FMC flaws, CVE-2026-20079 and CVE-2026-20131,&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15905\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15905","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15905"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15905\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}