TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources VULNERABILITIES & THREATS CYBER RISK CYBERSECURITY OPERATIONS PERIMETER NEWS Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale. Nate Nelson,Contributing Writer March 5, 2026 4 Min Read SOURCE: JOHN KERSHAW VIA ALAMY STOCK PHOTO Cisco has disclosed 48 vulnerabilities in its firewall ecosystem, two of which are as critical as vulnerabilities get. They affect the following Cisco technologies: Adaptive Security Appliance (ASA), a traditional, stateful firewall Secure FTD (Firewall Threat Defense), a firewall that combines ASA with other, more advanced features Secure Firewall Management Center (FMC), the centralized management system for the firewall and firewall threat defense products All 48 issues come with fixes, and Cisco strongly recommends that customers update to the latest version software. That sentiment was echoed by The Netherlands Cyber Security Center (NCSC-NL) in its own security advisory on March 4. It predicted that public proof-of-concepts (PoC) and large-scale attempts at abuse may be incoming for the two critical bugs in the bunch, which impact the Secure FMC. Nine more vulnerabilities in Cisco's advisory earned "high" Common Vulnerability Scoring System (CVSS) scores. For the most part, these are denial of service (DoS) bugs, though they also include SQL injection and unauthorized file access issues. The rest of the batch — more DoS bugs, command injection, and cross-site scripting (XSS) flaws, among others — are considered to be of medium severity. Related:Cisco SD-WAN Zero-Day Under Exploitation for 3 Years Critical Vulnerabilities in Cisco Secure FMC The sheer number of vulnerabilities disclosed this week shouldn't cause too much brouhaha. Cisco reveals a flood of new ones affecting this trio of products on a semi-annual schedule. Of more concern is a pair of those vulnerabilities that affect the FMC Web interface. There's CVE-2026-20079, caused by a problematic system process created at boot time. With tailored HTTP requests, attackers could bypass authentication and execute scripts and commands that allow them root access to the FMC's underlying operating system (OS). Then there's CVE-2026-20131, an insecure deserialization issue. If an attacker sends a specially crafted serialized Java object to the FMC's Web-based management interface, they could remotely execute arbitrary code and potentially elevate their privileges to the root level. CVE-2026-20079 and CVE-2026-20131 have both earned the highest possible 10 out of 10 severity score in the CVSS scale. "Cisco effectively positions FMC as the 'nerve center' for unified firewall and threat management," Jeff Liford, associate director at Fenix24, points out. To hammer home just how significant these issues are, he compares them to Cisco's other 10 out of 10 vulnerability that made the rounds last week, in the Catalyst SD-WAN Controller. That zero-day flaw, CVE-2026-20127, was exploited by an unknown but sophisticated threat actor in targeted attacks. Related:SolarWinds WHD Attacks Highlight Risks of Exposed Apps "Where a compromise of SD-WAN management could give attackers control of enterprise routing between sites, compromise of FMC could allow an attacker to undermine network security controls at a much deeper level," Liford says. "An attacker with administrative access to FMC could potentially modify firewall rules, disable inspection controls, or push malicious configurations across multiple devices simultaneously." Edge Attacks Outpace Defenses Cyberattacks at the network edge have been in vogue since at least 2024, led by nation-state threat groups, particularly those aligned with China. In part, that's because these devices are naturally such good entry points into networks. "The return on a single management-plane compromise exceeds what you get from a hundred endpoint compromises," says Collin Hogue-Spears, senior director of solution management at Black Duck, "because the firewall does not just protect the network. It defines the network." Vendors in this space have also had immense trouble clamping down on security holes in their products. Hogue-Spears points out that more known exploited vulnerabilities (KEVs) affected edge devices in 2025 than any other technology, according to VulnCheck. Related:Microsoft Patches 6 Actively Exploited Zero-Days Even more strikingly, Verizon's 2025 Data Breach Investigations Report (DBIR) found a near-eightfold increase in zero-day exploitation of edge devices in 2024 compared to 2023. And in February, the Cybersecurity and Infrastructure Security Agency (CISA) tried to get a handle on its edge problems with the Binding Operational Directive (BOD) 26-02, which ordered federal agencies to find and scrap all end-of-support firewall, router, and VPN gateways within 18 months. "That directive did not come from theoretical risk modeling. It came from incident response data showing nation-state groups using Cisco, Fortinet, Palo Alto, Ivanti, and Juniper devices as their primary initial access vector for two consecutive years," Hogue-Spears says. In his view, most organizations are not keeping pace with the problem. "Defenders built their entire detection stack around endpoint agents and SIEM correlation. Edge devices sit outside that stack, generate their own logs, and run opaque firmware that no third-party tool can inspect," he says. "Until that architecture changes, firewalls and edge appliances will remain the preferred front door." Hogue-Spears recommends that organizations run the Cisco Software Checker against affected devices as soon as possible, and review which other devices at the edge of their networks might be at risk: "An unpatched firewall is an unlocked door with a welcome mat." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like VULNERABILITIES & THREATS Fortinet Confirms New Zero-Day Behind Malicious SSO Logins by Rob Wright JAN 28, 2026 VULNERABILITIES & THREATS Critical React Flaw Triggers Calls for Immediate Action by Rob Wright DEC 03, 2025 VULNERABILITIES & THREATS Salesforce AI Agents Forced to Leak Sensitive Data by Nate Nelson, Contributing Writer SEP 25, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice THREAT INTELLIGENCE As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks byElizabeth Montalbano MAR 3, 2026 6 MIN READ ICS/OT SECURITY Vehicle Tire Pressure Sensors Enable Silent Tracking byJai Vijayan MAR 3, 2026 3 MIN READ СLOUD SECURITY AI Agent Overload: How to Solve the Workload Identity Crisis byAlexander Culafi MAR 3, 2026 4 MIN READ 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Assessing Security Architectures: Zero Trust vs. Network-Centric Models 5 Steps to Stop Ransomware With Zero Trust 10 Ways a Zero Trust Architecture Protects Against Ransomware Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, L