March 20, 2026

Cisco Fixes 48 Firewall Flaws, Including 2 Critical Vulnerabilities with CVSS 10 Scores

Vaibhav March 6, 2026
Cisco-Fixes-48-Firewall-Flaws-Including-2-Critical-Vulnerabilities-with-CVSS-10-Scoresdata
Post Views: 62

Cisco Releases Security Updates for Secure Firewall Products

Cisco recently released a batch of security updates to address 48 vulnerabilities in its Secure Firewall products, including two critical flaws that could be exploited to bypass authentication and execute remote code.

Vulnerabilities and Updates

The vulnerabilities, which affect Cisco Secure Firewall Adaptive Security Appliance, Cisco Secure Firewall Management Center, and Cisco Secure Firewall Threat Defense, were disclosed in a bundled advisory set that includes 25 separate advisories. The updates are designed to patch a range of issues, including authentication bypass, remote code execution, and insecure deserialization vulnerabilities.

Two of the vulnerabilities, CVE-2026-20079 and CVE-2026-20131, are particularly severe, with a maximum Common Vulnerability Scoring System (CVSS) score of 10. CVE-2026-20079 is an authentication bypass flaw that could allow an attacker to send specially crafted HTTP requests to a vulnerable device, potentially granting root-level access to the system. CVE-2026-20131 is an insecure deserialization vulnerability in the web-based management interface of Cisco Secure Firewall Management Center, which could allow an attacker to send a malicious serialized Java object and trigger remote code execution.

Severity and Impact

In addition to these critical vulnerabilities, the advisory package includes 15 high-severity vulnerabilities with CVSS scores ranging from 7.2 to 8.6, as well as 31 medium-severity flaws with CVSS scores between 4.3 and 6.8. These vulnerabilities affect core firewall services and management components that are commonly deployed across enterprise networks.

Recommendations and Expert Insights

According to Cisco, there are no temporary fixes for the two critical vulnerabilities, and the only way to address them is to upgrade to the patched software versions listed in the advisory. The company recommends that organizations prioritize patch deployment as soon as possible.

Cybersecurity experts note that large coordinated patch releases like this are not unusual in enterprise infrastructure products, even when the vulnerability count appears high. David Brumley, Chief AI and Science Officer at Bugcrowd, said that the size of the release reflects how vendors often handle clusters of related flaws. “Batching patches also helps vendors and organizations test patches for unintended side effects or downtime,” he added.
Brumley also emphasized the importance of patching these vulnerabilities quickly, given the critical role that firewalls play in modern networks. “Firewalls sit directly on the network perimeter, which means they are exposed to the internet and reachable by attackers. If an attacker finds a vulnerability in a firewall or its management system, they can often bypass or disable the very defenses meant to stop them,” he explained.

Threat Landscape and Recommendations

The vulnerabilities patched by Cisco are a reminder of the ongoing threat posed by sophisticated threat actors targeting network edge devices. Brumley noted that nation-state actors in particular often target these systems in telecom providers, government networks, and critical infrastructure because they provide both access and surveillance opportunities.

With the increasing speed at which newly disclosed vulnerabilities are turned into working exploits, defenders face a growing challenge. Brumley pointed to the role of AI in facilitating the rapid development of exploits, making it easier for attackers to target vulnerabilities. As a result, companies running Cisco Secure Firewall environments are advised to review Cisco’s advisory and prioritize patch deployment to reduce exposure.



About Author

Vaibhav

See author's posts

More Stories

Nagomi Security Expands into Agent-Driven Exposure Elimination with Agentic Exposure Ops

Nagomi Security Expands into Agent-Driven Exposure Elimination with Agentic Exposure Ops

Vaibhav March 19, 2026
Enterprise Browser Security: Versa Secure Delivers Native Protection for Business Apps

Enterprise Browser Security: Versa Secure Delivers Native Protection for Business Apps

Vaibhav March 19, 2026
4chan Dodges UK Regulator Fines, Refuses £520,000 Payment for Online Safety Breaches

4chan Dodges UK Regulator Fines, Refuses £520,000 Payment for Online Safety Breaches

Vaibhav March 19, 2026

Latest Cyber Security News

Nagomi Security Expands into Agent-Driven Exposure Elimination with Agentic Exposure Ops

Nagomi Security Expands into Agent-Driven Exposure Elimination with Agentic Exposure Ops

Vaibhav March 19, 2026
Enterprise Browser Security: Versa Secure Delivers Native Protection for Business Apps

Enterprise Browser Security: Versa Secure Delivers Native Protection for Business Apps

Vaibhav March 19, 2026
4chan Dodges UK Regulator Fines, Refuses £520,000 Payment for Online Safety Breaches

4chan Dodges UK Regulator Fines, Refuses £520,000 Payment for Online Safety Breaches

Vaibhav March 19, 2026
Enterprise Identity Risk Detection and Mitigation with Flare Foretrace

Enterprise Identity Risk Detection and Mitigation with Flare Foretrace

Vaibhav March 19, 2026
iOS Vulnerability Exposed: Researchers Uncover New Exploit Kit

iOS Vulnerability Exposed: Researchers Uncover New Exploit Kit

Vaibhav March 19, 2026
en_USEnglish
en_USEnglish