Exploit for Deserialization of Untrusted Data in Cisco Secure_Firewall_Management_Center

🚨 CVE-2026-20131 | Cisco FMC Critical RCE Unauthenticat...

Cisco Adaptive Security Appliance (ASA) Software ESP Packet Processing DoS (cisco-sa-asaftd-esp-dos-uv7yD8P5)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. - A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secur...

Cisco Firepower Threat Defense (FTD) Software VPN DoS (cisco-sa-asaftd-vpn-dos-SpOFF2Re)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an...

Cisco Firepower Threat Defense (FTD) Software ESP Packet Processing DoS (cisco-sa-asaftd-esp-dos-uv7yD8P5)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Applian...

CVE-2026-20108

creationtimestamp| type| source ---|---|--- 2026-03-26 03:00:10+00:00| seen|...

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center FMC Software. The vulnerability in question is CVE-2026-20131 CVSS score: 10.0, a case of insecure...

VulnCheck KEV: CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

CVE-2026-20106

A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of...

CVE-2026-20049

A vulnerability in the processing of Galois/Counter Mode GCM-encrypted Internet Key Exchange version 2 IKEv2 IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker to cause...

CVE-2026-20022

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the...

CVE-2026-20064

CVE-2026-20064 affects Cisco Secure Firewall Threat Defense (FTD) Software. The issue stems from improper validation of user-supplied input, enabling an authenticated, local attacker to inject crafted CLI commands and cause the device to reload, resulting in a DoS. The vulnerability is categorize...

CVE-2026-20025

A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF...

CVE-2026-20022

CVE-2026-20022 affects Cisco Secure Firewall ASA/FTD OSPF processing. The root cause is insufficient input validation when handling OSPF LSU packets, allowing an unauthenticated, adjacent attacker to send crafted OSPF packets that could write outside packet data, trigger a device reload, and caus...

CVE-2026-20020

CVE-2026-20020 describes a vulnerability in the OSPF implementation of Cisco Secure Firewall ASA and Secure Firewall FTD software. The issue stems from insufficient input validation when processing OSPF update packets, which could allow an adjacent, unauthenticated attacker to send crafted packet...

CVE-2026-20016

Cisco FXOS Software CLI contains an input-validation flaw that can allow an authenticated, local attacker with admin credentials to execute arbitrary commands on the underlying OS with root privileges. Root cause: insufficient validation of user-supplied CLI arguments in the Cisco Secure Firewall...

CVE-2026-20016

A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attack...

EUVD-2026-9444

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

EUVD-2026-9434

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due...

EUVD-2026-9430

A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network. This...

CVE-2026-20102

A vulnerability in the SAML 2.0 single sign-on SSO feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the SAML feature and access sensitive,...