๐Ÿ” CVE Alert

CVE-2026-20044

MEDIUM 6.0

Cisco Secure Firewall Management Center Command Injection Vulnerability

CVSS Score
6.0
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.

CWE CWE-269
Vendor cisco
Product cisco secure firewall management center (fmc)
Ecosystems
Industries
NetworkingTelecommunications
Published Mar 4, 2026
Last Updated Mar 5, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco secure firewall management center (fmc)

Be the first to know when new medium vulnerabilities affecting cisco cisco secure firewall management center (fmc) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Affected Versions

Cisco / Cisco Secure Firewall Management Center (FMC)
6.4.0.6 6.4.0.7 6.4.0.4 6.4.0.1 6.4.0.8 6.4.0.2 6.4.0.3 6.4.0.5 6.4.0 6.4.0.9 6.4.0.10 6.4.0.11 6.4.0.12 7.0.0 7.0.0.1 7.0.1 7.1.0 6.4.0.13 7.0.1.1 6.4.0.14 7.1.0.1 7.0.2 6.4.0.15 7.2.0 7.0.2.1 7.0.3 7.1.0.2 7.2.0.1 7.0.4 7.2.1 7.0.5 6.4.0.16 7.3.0 7.2.2 7.3.1 7.2.3 7.1.0.3 7.2.3.1 7.2.4 7.0.6 7.2.4.1 7.2.5 7.3.1.1 7.4.0 6.4.0.17 7.0.6.1 7.2.5.1 7.4.1 7.2.6 7.4.1.1 7.0.6.2 6.4.0.18 7.2.7 7.2.5.2 7.3.1.2 7.2.8 7.6.0 7.4.2 7.2.8.1 7.0.6.3 7.4.2.1 7.2.9 7.0.7 7.7.0 7.4.2.2 7.2.10 7.6.1 7.4.2.3 7.0.8 7.6.2 7.7.10 7.2.10.1 7.0.8.1 7.6.2.1 7.2.10.2 7.7.10.1 7.4.2.4 7.4.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inject-S9ZM4EJf