CISCO disclosed 48 vulnerabilities across its firewall ecosystem, with two regarded as the most critical. The issues affect Adaptive Security Appliance (ASA), Secure FTD, and Secure Firewall Management Center (FMC), and Cisco says all 48 have fixes and urges customers to update to the latest software.
Two FMC‑related flaws, CVE-2026-20079 and CVE-2026-20131, carry the maximum CVSS score of 10, enabling bypassed authentication or remote arbitrary code execution via the FMC Web interface, potentially allowing root access or privilege escalation. The Netherlands Cyber Security Center (NCSC-NL) echoed Cisco’s advisory on 4 March, warning that public PoC and large-scale abuse attempts may follow these critical bugs.
Relatedly, a previously disclosed 10/10 vulnerability in the Catalyst SD-WAN Controller was exploited in targeted attacks by an unknown threat actor, underscoring the security risks of edge devices and the FMC’s central role in network security. Cisco’s edge-focused critique highlights that a compromised FMC could enable attackers to modify firewall rules, disable inspection, or push malicious configurations across multiple devices. according to The Netherlands Cyber Security Center (NCSC-NL)