A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
Weakness
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Secure_firewall_management_center | Cisco | 6.4.0.13 (including) | 6.4.0.13 (including) |
| Secure_firewall_management_center | Cisco | 6.4.0.14 (including) | 6.4.0.14 (including) |
| Secure_firewall_management_center | Cisco | 6.4.0.15 (including) | 6.4.0.15 (including) |
| Secure_firewall_management_center | Cisco | 6.4.0.16 (including) | 6.4.0.16 (including) |
| Secure_firewall_management_center | Cisco | 6.4.0.17 (including) | 6.4.0.17 (including) |
| Secure_firewall_management_center | Cisco | 6.4.0.18 (including) | 6.4.0.18 (including) |
| Secure_firewall_management_center | Cisco | 7.0.0 (including) | 7.0.0 (including) |
| Secure_firewall_management_center | Cisco | 7.0.0.1 (including) | 7.0.0.1 (including) |
| Secure_firewall_management_center | Cisco | 7.0.1 (including) | 7.0.1 (including) |
| Secure_firewall_management_center | Cisco | 7.0.1.1 (including) | 7.0.1.1 (including) |
| Secure_firewall_management_center | Cisco | 7.0.2 (including) | 7.0.2 (including) |
| Secure_firewall_management_center | Cisco | 7.0.2.1 (including) | 7.0.2.1 (including) |
| Secure_firewall_management_center | Cisco | 7.0.3 (including) | 7.0.3 (including) |
| Secure_firewall_management_center | Cisco | 7.0.4 (including) | 7.0.4 (including) |
| Secure_firewall_management_center | Cisco | 7.0.5 (including) | 7.0.5 (including) |
| Secure_firewall_management_center | Cisco | 7.0.6 (including) | 7.0.6 (including) |
| Secure_firewall_management_center | Cisco | 7.0.6.1 (including) | 7.0.6.1 (including) |
| Secure_firewall_management_center | Cisco | 7.0.6.2 (including) | 7.0.6.2 (including) |
| Secure_firewall_management_center | Cisco | 7.0.6.3 (including) | 7.0.6.3 (including) |
| Secure_firewall_management_center | Cisco | 7.0.7 (including) | 7.0.7 (including) |
| Secure_firewall_management_center | Cisco | 7.0.8 (including) | 7.0.8 (including) |
| Secure_firewall_management_center | Cisco | 7.0.8.1 (including) | 7.0.8.1 (including) |
| Secure_firewall_management_center | Cisco | 7.1.0 (including) | 7.1.0 (including) |
| Secure_firewall_management_center | Cisco | 7.1.0.1 (including) | 7.1.0.1 (including) |
| Secure_firewall_management_center | Cisco | 7.1.0.2 (including) | 7.1.0.2 (including) |
| Secure_firewall_management_center | Cisco | 7.1.0.3 (including) | 7.1.0.3 (including) |
| Secure_firewall_management_center | Cisco | 7.2.0 (including) | 7.2.0 (including) |
| Secure_firewall_management_center | Cisco | 7.2.0.1 (including) | 7.2.0.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.1 (including) | 7.2.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.2 (including) | 7.2.2 (including) |
| Secure_firewall_management_center | Cisco | 7.2.3 (including) | 7.2.3 (including) |
| Secure_firewall_management_center | Cisco | 7.2.3.1 (including) | 7.2.3.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.4 (including) | 7.2.4 (including) |
| Secure_firewall_management_center | Cisco | 7.2.4.1 (including) | 7.2.4.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.5 (including) | 7.2.5 (including) |
| Secure_firewall_management_center | Cisco | 7.2.5.1 (including) | 7.2.5.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.5.2 (including) | 7.2.5.2 (including) |
| Secure_firewall_management_center | Cisco | 7.2.6 (including) | 7.2.6 (including) |
| Secure_firewall_management_center | Cisco | 7.2.7 (including) | 7.2.7 (including) |
| Secure_firewall_management_center | Cisco | 7.2.8 (including) | 7.2.8 (including) |
| Secure_firewall_management_center | Cisco | 7.2.8.1 (including) | 7.2.8.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.9 (including) | 7.2.9 (including) |
| Secure_firewall_management_center | Cisco | 7.2.10 (including) | 7.2.10 (including) |
| Secure_firewall_management_center | Cisco | 7.2.10.1 (including) | 7.2.10.1 (including) |
| Secure_firewall_management_center | Cisco | 7.2.10.2 (including) | 7.2.10.2 (including) |
| Secure_firewall_management_center | Cisco | 7.3.0 (including) | 7.3.0 (including) |
| Secure_firewall_management_center | Cisco | 7.3.1 (including) | 7.3.1 (including) |
| Secure_firewall_management_center | Cisco | 7.3.1.1 (including) | 7.3.1.1 (including) |
| Secure_firewall_management_center | Cisco | 7.3.1.2 (including) | 7.3.1.2 (including) |
| Secure_firewall_management_center | Cisco | 7.4.0 (including) | 7.4.0 (including) |
| Secure_firewall_management_center | Cisco | 7.4.1 (including) | 7.4.1 (including) |
| Secure_firewall_management_center | Cisco | 7.4.1.1 (including) | 7.4.1.1 (including) |
| Secure_firewall_management_center | Cisco | 7.4.2 (including) | 7.4.2 (including) |
| Secure_firewall_management_center | Cisco | 7.4.2.1 (including) | 7.4.2.1 (including) |
| Secure_firewall_management_center | Cisco | 7.4.2.2 (including) | 7.4.2.2 (including) |
| Secure_firewall_management_center | Cisco | 7.4.2.3 (including) | 7.4.2.3 (including) |
| Secure_firewall_management_center | Cisco | 7.4.2.4 (including) | 7.4.2.4 (including) |
| Secure_firewall_management_center | Cisco | 7.4.3 (including) | 7.4.3 (including) |
| Secure_firewall_management_center | Cisco | 7.4.4 (including) | 7.4.4 (including) |
| Secure_firewall_management_center | Cisco | 7.4.5 (including) | 7.4.5 (including) |
| Secure_firewall_management_center | Cisco | 7.6.0 (including) | 7.6.0 (including) |
| Secure_firewall_management_center | Cisco | 7.6.1 (including) | 7.6.1 (including) |
| Secure_firewall_management_center | Cisco | 7.6.2 (including) | 7.6.2 (including) |
| Secure_firewall_management_center | Cisco | 7.6.2.1 (including) | 7.6.2.1 (including) |
| Secure_firewall_management_center | Cisco | 7.6.3 (including) | 7.6.3 (including) |
| Secure_firewall_management_center | Cisco | 7.6.4 (including) | 7.6.4 (including) |
| Secure_firewall_management_center | Cisco | 7.7.0 (including) | 7.7.0 (including) |
| Secure_firewall_management_center | Cisco | 7.7.10 (including) | 7.7.10 (including) |
| Secure_firewall_management_center | Cisco | 7.7.10.1 (including) | 7.7.10.1 (including) |
| Secure_firewall_management_center | Cisco | 7.7.11 (including) | 7.7.11 (including) |
| Secure_firewall_management_center | Cisco | 10.0.0 (including) | 10.0.0 (including) |
Potential Mitigations
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Related Attack Patterns
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
- https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131