Cisco Secure Firewall Management Center vulnerabilities
178 known vulnerabilities affecting cisco/secure_firewall_management_center.
Total CVEs: 178
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 56, MEDIUM 116
Vulnerabilities
CVE-2026-20131 | CRITICAL | CVSS 10.0 | KEV | v6.4.0.13, v6.4.0.14, +69 more | 2026-03-04
CVE-2026-20131 [CRITICAL] CWE-502
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vuln
nvd
CVE-2025-20265 | CRITICAL | CVSS 10.0 | v7.0.7, v7.7.0 | 2025-08-14
CVE-2025-20265 [CRITICAL] CWE-74
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could
nvd
CVE-2025-20148 | HIGH | CVSS 8.5 | v7.0.6, v7.0.6.1, +17 more | 2025-08-14
CVE-2025-20148 [HIGH] CWE-20
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.
This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitti
nvd
CVE-2025-20302 | MEDIUM | CVSS 4.3 | v6.2.3, v6.2.3.1, +90 more | 2025-08-14
CVE-2025-20302 [MEDIUM] CWE-862
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain.
This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file
nvd
CVE-2025-20235 | MEDIUM | CVSS 6.1 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
CVE-2025-20235 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interfa
nvd
CVE-2025-20301 | MEDIUM | CVSS 6.5 | v6.2.3, v6.2.3.1, +91 more | 2025-08-14
CVE-2025-20301 [MEDIUM] CWE-862
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain.
This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a troubleshoot file for a
nvd
CVE-2025-20218 | MEDIUM | CVSS 4.9 | v6.2.3, v6.2.3.1, +85 more | 2025-08-14
CVE-2025-20218 [MEDIUM] CWE-643
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request
nvd
CVE-2025-20306 | MEDIUM | CVSS 4.9 | v6.2.3, v6.2.3.1, +93 more | 2025-08-14
CVE-2025-20306 [MEDIUM] CWE-77
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient input validation of certain HTTP request paramete
nvd
CVE-2021-34751 | MEDIUM | CVSS 4.3 | fixed in 6.4.0.13; ≥ 6.5.0, < 6.6.5.1; +2 more | 2024-11-15
CVE-2021-34751 [MEDIUM] CWE-317
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.
This vulnerability exists because of improper encryption
nvd
CVE-2024-20424 | CRITICAL | CVSS 9.9 | v6.2.3, v6.2.3.1, +90 more | 2024-10-23
CVE-2024-20424 [CRITICAL] CWE-78
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient input validation of certain
nvd
CVE-2024-20374 | HIGH | CVSS 7.2 | v6.7.0, v6.7.0.1, +40 more | 2024-10-23
CVE-2024-20374 [MEDIUM] CWE-269
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.
This vulnerability is due to insufficient i
nvd
CVE-2024-20473 | MEDIUM | CVSS 6.5 | v7.3.0, v7.3.1, +5 more | 2024-10-23
CVE-2024-20473 [MEDIUM] CWE-89
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit t
nvd
CVE-2024-20298 | MEDIUM | CVSS 5.4 | v7.3.0, v7.3.1, +5 more | 2024-10-23
CVE-2024-20298 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd
CVE-2024-20264 | MEDIUM | CVSS 5.4 | v7.1.0, v7.1.0.1, +13 more | 2024-10-23
CVE-2024-20264 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd
CVE-2024-20340 | MEDIUM | CVSS 6.5 | v7.0.0, v7.0.0.1, +37 more | 2024-10-23
CVE-2024-20340 [MEDIUM] CWE-89
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device
nvd
CVE-2024-20410 | MEDIUM | CVSS 6.1 | v6.2.3, v6.2.3.1, +75 more | 2024-10-23
CVE-2024-20410 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based man
nvd
CVE-2024-20269 | MEDIUM | CVSS 5.4 | v6.2.3, v6.2.3.1, +81 more | 2024-10-23
CVE-2024-20269 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd
CVE-2024-20377 | MEDIUM | CVSS 5.4 | v7.0.0, v7.0.0.1, +37 more | 2024-10-23
CVE-2024-20377 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker c
nvd
CVE-2024-20364 | MEDIUM | CVSS 5.4 | v6.7.0, v6.7.0.1, +40 more | 2024-10-23
CVE-2024-20364 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-base
nvd
CVE-2024-20300 | MEDIUM | CVSS 5.4 | v6.2.3, v6.2.3.1, +83 more | 2024-10-23
CVE-2024-20300 [MEDIUM] CWE-79
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based manag
nvd