Cisco Secure Firewall Management Center Command Injection Vulnerability in Lockdown Mode

Vulnerability

A command injection vulnerability has been identified in Cisco Secure Firewall Management Center (FMC) Software. This issue allows an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability stems from insufficient restrictions on remediation modules while lockdown mode is enabled; lockdown mode is disabled by default. An attacker with valid administrative credentials could exploit this by sending crafted input to the system CLI. When lockdown mode is off, root-level access is already available through the expert CLI command, so the vulnerability only matters on devices where lockdown mode has been turned on.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution as root, bypassing lockdown mode restrictions.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on upgrading, consult the Cisco Security Vulnerability Policy and use the Cisco Software Checker tool to identify the first fixed release.

Added: Mar 4, 2026, 6:50 PM
Updated: Mar 4, 2026, 6:50 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          4.5
impact          10.0
exploitability  3.0
remediation     8.3
relevance       3.5
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.