U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
The U.S. cybersecurity agency CISA has added a critical remote code execution vulnerability (CVE-2026-20131) in Cisco FMC and SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The vulnerability allows an unauthenticated attacker to execute arbitrary code and elevate privileges to root through insecure Java deserialization. The Interlock ransomware group has been exploiting this zero-day vulnerability since January 2026.

2026-3-19 17:37:34 Author: securityaffairs.com


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management, tracked as CVE-2026-20131 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog.

“A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device,” reads the advisory. “This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”

The vulnerability is a remote code execution flaw that resides in Cisco Secure FMC’s web interface and allows unauthenticated remote attackers to exploit insecure Java deserialization and execute arbitrary code as root by sending a crafted serialized object.

The networking giant addressed the flaw in early March 2026.

The Interlock ransomware group has been exploiting this critical zero-day RCE vulnerability since late January.

The Interlock ransomware group has been active since September 2024 and has targeted multiple organizations, including DaVita, Kettering Health, and Texas Tech University. Recently, researchers observed a new AI-assisted malware strain called Slopoly used in its operations.

Amazon researchers observed the Interlock group exploiting the CVE-2026-20131 flaw 36 days before disclosure, starting on January 26, 2026. This gave attackers time to compromise targets before detection. The activity was uncovered via honeypots and shared with Cisco to aid in the investigation and protect customers.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by March 22, 2026.

Pierluigi Paganini


(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)




Article source: https://securityaffairs.com/189682/security/u-s-cisa-adds-a-flaw-in-cisco-fmc-and-cisco-scc-firewall-management-to-its-known-exploited-vulnerabilities-catalog.html