Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
Summary
Cisco has published fixes for 48 vulnerabilities across its firewall ecosystem, with two flaws rated CVSS 10/10. The issues affect Adaptive Security Appliance (ASA), Secure Firewall Threat Defense (FTD) and the Secure Firewall Management Center (FMC). Cisco and the Netherlands NCSC both urge immediate updates; the advisory notes proof‑of‑concepts and large‑scale abuse could follow for the two critical FMC bugs.
The two critical vulnerabilities are CVE-2026-20079 (an authentication bypass via a system process at boot that can lead to root command execution) and CVE-2026-20131 (an insecure deserialization in the FMC web interface allowing remote code execution and potential root privilege escalation). Nine more were scored high (mostly DoS, plus SQL injection and unauthorised file access), with the remainder medium severity.
Key Points
- 48 vulnerabilities disclosed across Cisco ASA, Secure FTD and Secure FMC; fixes are available.
- Two FMC bugs — CVE-2026-20079 and CVE-2026-20131 — score 10/10 and enable remote root access if exploited.
- NCSC-NL warns that PoCs and wide abuse are likely for the two critical FMC flaws.
- Other high‑rated issues include denial of service, SQL injection and unauthorised file access; medium issues include command injection and XSS.
- Edge devices remain a preferred target for threat actors because a single management‑plane compromise yields outsized control.
- Experts recommend running the Cisco Software Checker and patching or isolating affected devices immediately.
Context and Relevance
Firewalls and other edge appliances have been repeatedly targeted in recent years; zero‑day exploitation of edge devices surged in 2024 and 2025. Compromising a management console such as FMC can let attackers alter firewall rules, disable inspections or push malicious configurations across many devices — a far higher payoff than single endpoint compromises. Agencies and vendors are pressing organisations to retire out‑of‑support edge kit and to improve visibility of these devices.
Author style
Punchy: this isn’t routine patch spam. Two 10/10 bugs in FMC make this a genuine emergency for network teams — the kind of hole that can let an attacker take over your network’s control plane. If you run Cisco firewalls or FMC, the details matter and you should prioritise reading the advisories and applying fixes now.
Why should I read this?
Quick and dirty: if you manage Cisco firewalls or anything at the network edge, this is one to action — patch, run the Cisco Software Checker, or isolate the affected kit. Edge compromises give attackers huge leverage; skipping this is asking for trouble.