Cisco Releases Critical Security Patches for Enterprise Networking Products
Cisco Releases Security Patches for Enterprise Networking Products
Cisco recently released a batch of security patches for its enterprise networking products, addressing a total of 50 vulnerabilities across various platforms.
Critical Vulnerabilities
Two critical-severity flaws were disclosed, both affecting the Cisco Secure FMC software.
This flaw can be exploited by sending crafted HTTP requests to a vulnerable device, allowing an attacker to execute arbitrary scripts and gain root access to the underlying operating system.
The second critical issue, CVE-2026-20131, also affects the web interface of Secure FMC and carries a CVSS score of 10/10.
This vulnerability allows an attacker to execute Java code with root privileges by sending a crafted Java byte stream to the affected device.
Successful exploitation could allow an attacker to execute arbitrary code on the device and elevate privileges to root.
However, Cisco notes that the exploitation risk is lower for FMC management interfaces that are not accessible from the internet.
High-Severity Flaws
In addition to the critical vulnerabilities, Cisco also addressed nine high-severity flaws in the ASA Firewall, Secure FMC, and Secure FTD appliances.
These vulnerabilities could be exploited to conduct SQL injection attacks, cause denial-of-service (DoS) conditions, and read, create, or overwrite sensitive files.
Medium-Severity Issues
The remaining 39 flaws addressed in the update are medium-severity issues.
Cisco also released patches for medium-severity security defects in Webex and ClamAV.
The company is not aware of any of these vulnerabilities being exploited in the wild and advises users to update their deployments as soon as possible.
Patch Details
The patches are part of Cisco’s March 2026 bundled publication, which contains 25 security advisories describing the security defects affecting the company’s enterprise networking products.
About Author
English