Detections
Analytics

Cisco Secure Firewall Management Center Software Authentication Bypass (cisco-sa-onprem-fmc-authbypass-5JPp45V2)

critical Nessus Plugin ID 302174

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwr96008.

See Also

http://www.nessus.org/u?b9c03426

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr96008

Plugin Details

Severity: Critical

ID: 302174

File Name: cisco-sa-onprem-fmc-authbypass-5JPp45V2.nasl

Version: 1.1

Type: local

Family: CISCO

Published: 3/13/2026

Updated: 3/13/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:cisco:firepower_management_center

Required KB Items: Host/Cisco/firepower_mc/version

Patch Publication Date: 3/4/2026

Vulnerability Publication Date: 3/4/2026

Reference Information

CVE: CVE-2026-20079

CISCO-SA: cisco-sa-onprem-fmc-authbypass-5JPp45V2

IAVA: 2026-A-0201

CISCO-BUG-ID: CSCwr96008