{"cve_id":"CVE-2026-20131","summary":"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nbsp;on an affected device.\r\n\r\nThis vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.\r\nNote: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"epss":0.00792,"ranking_epss":0.73853,"kev":true,"propose_action":"Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.","ransomware_campaign":"Known","references":["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh","https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131"],"published_time":"2026-03-04T18:16:27","cpes":["cpe:2.3:a:cisco:secure_firewall_management_center:10.0.0","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.13","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.14","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.15","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.16","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.17","cpe:2.3:a:cisco:secure_firewall_management_center:6.4.0.18","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.0.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.1.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.2.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.4","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.5","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.6.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.7","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.8","cpe:2.3:a:cisco:secure_firewall_management_center:7.0.8.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.1.0.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.0.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.10.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.3.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.4.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.5.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.6","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.7","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.8.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.2.9","cpe:2.3:a:cisco:secure_firewall_management_center:7.3.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.3.1.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.1.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.2.4","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.4","cpe:2.3:a:cisco:secure_firewall_management_center:7.4.5","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.2","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.2.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.3","cpe:2.3:a:cisco:secure_firewall_management_center:7.6.4","cpe:2.3:a:cisco:secure_firewall_management_center:7.7.0","cpe:2.3:a:cisco:secure_firewall_management_center:7.7.10","cpe:2.3:a:cisco:secure_firewall_management_center:7.7.10.1","cpe:2.3:a:cisco:secure_firewall_management_center:7.7.11"]}