A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
The vulnerability results from an incorrect system process executed during device boot time. An attacker can exploit it by sending specially crafted HTTP requests to the vulnerable device. Successful attack execution allows arbitrary scripts and commands to be executed with root privileges on the device's operating system. No credentials or user interaction are required.
The attacker gains full root access to the device's operating system, enabling complete takeover of Cisco FMC and the firewall devices it manages — including modification of security policies, interception of network traffic, or further compromise of the infrastructure.
Apply patches available from the vendor according to the references: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2. Until updates are applied, it is recommended to restrict access to the FMC web interface only to trusted management networks and monitor logs for unexpected HTTP requests.
Cisco Secure Firewall Management Center (FMC) Software — specific versions indicated in the vendor references (Cisco advisory: cisco-sa-onprem-fmc-authbypass-5JPp45V2)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H