CISA KEV에 등록된 실제 악용 확인 취약점
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If th...
공급사 Cisco
제품 Secure Firewall Management Center (FMC)
영향 버전 7.0.0, 7.0.0.1, 7.0.1, 7.1.0, 6.4.0.13, 7.0.1.1, 6.4.0.14, 7.1.0.1, 7.0.2, 6.4.0.15, 7.2.0, 7.0.2.1, 7.0.3, 7.1.0.2, 7.2.0.1, 7.0.4, 7.2.1, 7.0.5, 6.4.0.16, 7.3.0
수정 버전 공식 출처에서 확인 필요
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
조치 기한: 2026.03.22CVSS 벡터 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE CWE-502
KEV 등록일 2026.03.19
랜섬웨어 캠페인 사용 확인됨
CISA 비고 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131
EPSS 데이터 기준일 2026.06.27
