Critical Cisco Secure Firewall Vulnerabilities Enable Remote Code Execution

Severity: High (Score: 76.0)

Sources: BleepingComputer, Sec.Cloudapps.Cisco, SC World, Security Affairs, TechNadu

Summary

Cisco has disclosed two critical vulnerabilities in its Secure Firewall Management Center (FMC) software, allowing unauthenticated remote attackers to bypass authentication and execute arbitrary code with root privileges. These vulnerabilities, tracked as CVE-2026-20079 and CVE-2026-20131, both have a maximum CVSS score of 10.0, posing significant risks to enterprise networks reliant on Cisco's firewall management solutions.

Key Entities

  • Data Breach (attack_type)
  • DDoS (attack_type)
  • Denial of Service (attack_type)
  • Ransomware (attack_type)
  • Remote Code Execution (attack_type)
  • XSS (vulnerability)
  • Interlock Ransomware Campaign (campaign)
  • Cisco (company)
  • City of Saint Paul (company)
  • DaVita (company)
  • Kalamazoo Public Schools District (company)
  • Kettering Health (company)
  • CVE-2025-20265 (cve)
  • CVE-2025-20333 (cve)
  • CVE-2025-20362 (cve)
  • CVE-2025-20363 (cve)
  • CVE-2025-20393 (cve)
  • Government (industry)
  • Healthcare (industry)
  • Manufacturing (industry)
  • NodeSnake (malware)
  • Slopoly (malware)
  • b885946e72ad51dca6c70abc2f773506 (md5)
  • f80d3d09f61892c5846c854dd84ac403 (md5)
  • T1021 - Remote Services (mitre_attack)
  • T1033 - System Owner/User Discovery (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1047 - Windows Management Instrumentation (mitre_attack)
  • T1053 - Scheduled Task/Job (mitre_attack)
  • 360 Browser (platform)
  • Active Directory Certificate Services (platform)
  • Catalyst SD-WAN (platform)
  • Catalyst SD-WAN Manager (platform)
  • Cisco AsyncOS (platform)
  • Chrome (tool)
  • Windows Management Instrumentation (tool)
  • Bash (tool)
  • Certify (tool)
  • ConnectWise ScreenConnect (tool)
  • Interlock (ransomware_group)