CVE-2026-20044

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.

Severity	MEDIUM
CVSS	6.0
CWE	CWE-269
KEV
Published	2 months ago
Modified	2 months ago

Related Products

Product	Advisory
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Nexus Dashboard	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Firepower Threat Defense Software	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Catalyst PON Series Switches	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Secure Firewall Management Center (FMC) Appliances	cisco-sa-fmc-cmd-inject-S9ZM4EJf
Cisco Secure Firewall Management Center (FMC)	cisco-sa-fmc-cmd-inject-S9ZM4EJf