PT-2026-22976 · Cisco · Cisco Secure Firewall Management Center (FMC)
Jason Crowder · Published 2026-03-04 · Updated 2026-03-04 · CVE-2026-20044
CVSS v3.1: 6.0 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified)
Description
A flaw exists in the lockdown mechanism of the software that may allow a local attacker with valid administrative credentials to execute arbitrary commands as root. The issue stems from inadequate restrictions on remediation modules when the system is in lockdown mode. Exploitation involves sending crafted input to the system command-line interface (CLI). A successful exploit could enable an attacker to run arbitrary commands or code with root privileges, even while the system is in lockdown.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Privilege Management
Affected Products
Cisco Secure Firewall Management Center (FMC)