好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得仔细阅读文章,抓住关键点。 文章主要讲的是Cisco发布了安全更新,修复了两个最高级别的漏洞,这些漏洞存在于Secure Firewall Management Center(FMC)软件中。这两个漏洞都是远程可利用的,并且不需要身份验证。第一个漏洞CVE-2026-20079允许攻击者绕过认证,获得root权限;第二个漏洞CVE-2026-20131则让攻击者可以执行任意Java代码。此外,第二个漏洞还影响到了Cisco的另一个云管理平台SCC Firewall Management。 文章还提到Cisco修复了其他几十个漏洞,并且过去几个月里他们一直在处理类似的高危问题。同时,目前还没有证据表明这些漏洞已经被用于攻击或有PoC代码公开。 现在我要把这些信息浓缩到100字以内。首先确定主要对象:Cisco修复了两个最高级漏洞,涉及FMC软件。然后说明这两个漏洞的影响:远程利用、无需认证、root权限和代码执行。接着提到另一个受影响的产品SCC Firewall Management。最后简要提及修复其他漏洞和没有已知攻击的情况。 组织语言的时候要简洁明了,避免冗余。比如“修复了两个最高级别的漏洞”比“发布了安全更新来修补”更直接。“远程利用”可以简化为“可被远程利用”。同时要注意不要遗漏关键点,如影响范围和修复情况。 最终总结应该是:Cisco修复了Secure FMC中的两个最高级漏洞,允许未认证攻击者远程绕过认证并执行代码获取root权限;其中一漏洞还影响SCC Firewall Management,并已修复其他安全问题。 </think> Cisco修复了Secure FMC中的两个最高级漏洞,允许未认证攻击者远程绕过认证并执行代码获取root权限;其中一漏洞还影响SCC Firewall Management,并已修复其他安全问题。 2026-3-4 19:15:16 Author: www.bleepingcomputer.com(查看原文) 阅读量:13 收藏
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.
Secure FMC is a web or SSH-based interface for admins to manage Cisco firewalls and configure application control, intrusion prevention, URL filtering, and advanced malware protection.
Both vulnerabilities can be exploited remotely by unauthenticated attackers: the authentication bypass flaw (CVE-2026-20079) allows attackers to gain root access to the underlying operating system, while the remote code execution (RCE) vulnerability (CVE-2026-20131) lets them execute arbitrary Java code as root on unpatched devices.
"An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device," the CVE-2026-20079 advisory reads.
"An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root," Cisco added about CVE-2026-20079.
While they both affect Cisco Secure FMC Software, CVE-2026-20131 also affects Cisco Security Cloud Control (SCC) Firewall Management, a cloud-based security policy manager that simplifies policy across Cisco firewalls and other devices.
At the moment, the company's Product Security Incident Response Team (PSIRT) has no evidence that the two security flaws are exploited in attacks or that proof-of-concept (PoC) exploit code has been published online.
Today, Cisco has also patched dozens of other security vulnerabilities, including 15 high-severity security flaws in Secure FMC, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense software.
In August, Cisco fixed another maximum-severity Secure FMC flaw, warning that it allows unauthenticated remote attackers to inject arbitrary shell commands that are executed on unpatched devices.
More recently, in January, it released patches for a maximum-severity Cisco AsyncOS zero-day that has been exploited in attacks against secure email appliances since November and addressed a critical Unified Communications RCE that was also used in zero-day attacks.
Last month, it also patched a maximum-severity Catalyst SD-WAN authentication bypass flaw that was abused as a zero-day, allowing remote attackers to compromise controllers and add malicious rogue peers to targeted networks.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
如有侵权请联系:admin#unsafe.sh