Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products.

Cisco patches

Cisco on Wednesday announced fixes for 50 vulnerabilities across its products, including 48 affecting Firewall ASA, Secure FMC, and Secure FTD appliances.

Cisco released a March 2026 bundled publication containing 25 security advisories that describe the security defects affecting its enterprise networking products, including two advisories detailing critical-severity flaws.

The first of them, tracked as CVE-2026-20079 (CVSS score of 10/10), is described as an authentication bypass in the web interface of Cisco Secure FMC software.

Successful exploitation of the bug allows attackers to execute arbitrary scripts on vulnerable deployments and gain root access to the underlying OS.

“This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device,” Cisco explains.

The web interface of Secure FMC is also impacted by CVE-2026-20131 (CVSS score of 10/10), a critical issue that could allow attackers to execute Java code with root privileges.

Advertisement. Scroll to continue reading.

The weakness exists because a user-supplied Java byte stream is insecurely deserialized, allowing attackers to send crafted serialized objects to trigger the exploitation.

“A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root,” Cisco explains, noting that the exploitation risk is lower for FMC management interfaces that are not accessible from the internet.

On Wednesday, Cisco also announced fixes for nine high-severity vulnerabilities in the ASA Firewall, Secure FMC, and Secure FTD appliances, which could be exploited to conduct SQL injection attacks, cause denial-of-service (DoS) conditions, and read, create, or overwrite sensitive files.

The remaining three dozen flaws addressed in Cisco’s enterprise networking appliances are medium-severity issues.

Cisco also announced patches for medium-severity security defects in Webex and ClamAV. Additional information can be found on Cisco’s security advisories page.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to update their deployments as soon as possible.

Related: Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers

Related: Cisco, F5 Patch High-Severity Vulnerabilities

Related: Hackers Targeting Cisco Unified CM Zero-Day

Related: Cisco Patches Vulnerability Exploited by Chinese Hackers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.