Security News

Cybersecurity news aggregator

CRITICAL Updates SecurityWeek

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has patched two critical vulnerabilities (CVE-2026-20079 and CVE-2026-20131, both CVSS 10.0) in its Secure FMC software. The first is an authentication bypass in the web interface allowing root access via crafted HTTP requests, while the second is an insecure deserialization flaw allowing remote code execution with root privileges via crafted Java objects. Cisco advises users to update their deployments immediately, noting exploitation risk is lower for interfaces not internet-accessible.

Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products.

By Ionut Arghire | March 5, 2026 (3:50 AM ET)

Cisco on Wednesday announced fixes for 50 vulnerabilities across its products, including 48 affecting Firewall ASA, Secure FMC, and Secure FTD appliances.

Cisco released a March 2026 bundled publication containing 25 security advisories that describe the security defects affecting its enterprise networking products, including two advisories detailing critical-severity flaws.

The first of them, tracked as CVE-2026-20079 (CVSS score of 10/10), is described as an authentication bypass in the web interface of Cisco Secure FMC software. Successful exploitation of the bug allows attackers to execute arbitrary scripts on vulnerable deployments and gain root access to the underlying OS.

“This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device,” Cisco explains.

The web interface of Secure FMC is also impacted by CVE-2026-20131 (CVSS score of 10/10), a critical issue that could allow attackers to execute Java code with root privileges.

The weakness exists because a user-supplied Java byte stream is insecurely deserialized, allowing attackers to send crafted serialized objects to trigger the exploitation.

“A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root,” Cisco explains, noting that the exploitation risk is lower for FMC management interfaces that are not accessible from the internet.

On Wednesday, Cisco also announced fixes for nine high-severity vulnerabilities in the ASA Firewall, Secure FMC, and Secure FTD appliances, which could be exploited to conduct SQL injection attacks, cause denial-of-service (DoS) conditions, and read, create, or overwrite sensitive files.

The remaining three dozen flaws addressed in Cisco’s enterprise networking appliances are medium-severity issues. Cisco also announced patches for medium-severity security defects in Webex and ClamAV. Additional information can be found on Cisco’s security advisories page.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to update their deployments as soon as possible.

Ionut Arghire is an international correspondent for SecurityWeek.