CVE-2026-20044
Received Received - Intake
Privilege Escalation in Cisco FMC via Lockdown Bypass

Publication date: 2026-03-04

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20044
EUVD
EUVD-2026-9435
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco secure_firewall_management_center *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software. It allows an authenticated local attacker with valid administrative credentials to execute arbitrary commands as the root user.

The issue arises because the remediation modules do not have sufficient restrictions when the system is in lockdown mode. An attacker can exploit this by sending specially crafted input to the system command line interface (CLI), bypassing lockdown protections and gaining root-level command execution.

Impact Analysis

If exploited, this vulnerability could allow an attacker to run arbitrary commands or code with root privileges on the affected device, even when it is supposed to be in lockdown mode.

This could lead to unauthorized control over the system, potentially compromising the security and integrity of the firewall management center and the network it protects.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that only trusted administrators have valid administrative credentials, as exploitation requires valid admin access.

Additionally, consider restricting local access to the system CLI and monitor for any unusual command executions.

Applying any available patches or updates from Cisco for the Secure Firewall Management Center Software is recommended once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart