BDU:2026-02531 | Уязвимость веб-интерфейса управления программного

📄 Описание

Уязвимость веб-интерфейса управления программного обеспечения администрирования сети Cisco Secure Firewall Management Center (ранее Cisco Firepower Management Center) связана с недостатками механизма десериализации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с правами root путем отправки специально сформированных запросов

🖥️ Уязвимое ПО

Cisco Systems Inc.

Наименование ПО: Cisco Secure Firewall Management Center

Версия ПО: 6.4.0.13 (Cisco Secure Firewall Management Center), 6.4.0.14 (Cisco Secure Firewall Management Center), 6.4.0.15 (Cisco Secure Firewall Management Center), 6.4.0.16 (Cisco Secure Firewall Management Center), 6.4.0.17 (Cisco Secure Firewall Management Center), 6.4.0.18 (Cisco Secure Firewall Management Center), 7.0.0 (Cisco Secure Firewall Management Center), 7.0.0.1 (Cisco Secure Firewall Management Center), 7.0.1 (Cisco Secure Firewall Management Center), 7.0.1.1 (Cisco Secure Firewall Management Center), 7.0.2 (Cisco Secure Firewall Management Center), 7.0.2.1 (Cisco Secure Firewall Management Center), 7.0.3 (Cisco Secure Firewall Management Center), 7.0.4 (Cisco Secure Firewall Management Center), 7.0.5 (Cisco Secure Firewall Management Center), 7.0.6 (Cisco Secure Firewall Management Center), 7.0.6.1 (Cisco Secure Firewall Management Center), 7.0.6.2 (Cisco Secure Firewall Management Center), 7.1.0.1 (Cisco Secure Firewall Management Center), 7.1.0.2 (Cisco Secure Firewall Management Center), 7.1.0.3 (Cisco Secure Firewall Management Center), 7.2.0.1 (Cisco Secure Firewall Management Center), 7.2.3.1 (Cisco Secure Firewall Management Center), 7.2.4.1 (Cisco Secure Firewall Management Center), 7.2.5.1 (Cisco Secure Firewall Management Center), 7.2.5.2 (Cisco Secure Firewall Management Center), 7.2.8.1 (Cisco Secure Firewall Management Center), 7.3.1.1 (Cisco Secure Firewall Management Center), 7.3.1.2 (Cisco Secure Firewall Management Center), 7.4.1.1 (Cisco Secure Firewall Management Center), 7.0.7 (Cisco Secure Firewall Management Center), 7.7.0 (Cisco Secure Firewall Management Center), 7.0.6.3 (Cisco Secure Firewall Management Center), 7.0.8 (Cisco Secure Firewall Management Center), 7.0.8.1 (Cisco Secure Firewall Management Center), 7.1.0 (Cisco Secure Firewall Management Center), 7.2.0 (Cisco Secure Firewall Management Center), 7.2.1 (Cisco Secure Firewall Management Center), 7.2.2 (Cisco Secure Firewall Management Center), 7.2.3 (Cisco Secure Firewall Management Center), 7.2.4 (Cisco Secure Firewall Management Center), 7.2.5 (Cisco Secure Firewall Management Center), 7.2.6 (Cisco Secure Firewall Management Center), 7.2.7 (Cisco Secure Firewall Management Center), 7.2.8 (Cisco Secure Firewall Management Center), 7.2.9 (Cisco Secure Firewall Management Center), 7.2.10 (Cisco Secure Firewall Management Center), 7.2.10.2 (Cisco Secure Firewall Management Center), 7.2.10.1 (Cisco Secure Firewall Management Center), 7.3.0 (Cisco Secure Firewall Management Center), 7.3.1 (Cisco Secure Firewall Management Center), 7.4.0 (Cisco Secure Firewall Management Center), 7.4.1 (Cisco Secure Firewall Management Center), 7.4.2 (Cisco Secure Firewall Management Center), 7.4.2.1 (Cisco Secure Firewall Management Center), 7.4.2.2 (Cisco Secure Firewall Management Center), 7.4.2.3 (Cisco Secure Firewall Management Center), 7.4.2.4 (Cisco Secure Firewall Management Center), 7.4.3 (Cisco Secure Firewall Management Center), 7.4.4 (Cisco Secure Firewall Management Center), 7.4.5 (Cisco Secure Firewall Management Center), 7.6.0 (Cisco Secure Firewall Management Center), 7.6.1 (Cisco Secure Firewall Management Center), 7.6.2 (Cisco Secure Firewall Management Center), 7.6.2.1 (Cisco Secure Firewall Management Center), 7.6.3 (Cisco Secure Firewall Management Center), 7.6.4 (Cisco Secure Firewall Management Center), 7.7.10 (Cisco Secure Firewall Management Center), 7.7.10.1 (Cisco Secure Firewall Management Center), 7.7.11 (Cisco Secure Firewall Management Center), 10.0.0 (Cisco Secure Firewall Management Center)

Тип ПО: ПО программно-аппаратных средств защиты

ОС / платформа: —

⚙️ Технические сведения

Тип ошибки

Восстановление в памяти недостоверных данных (CWE-502)

Класс уязвимости

Уязвимость кода

Дата выявления

04.03.2026

Способ эксплуатации

Манипулирование структурами данных

Способ устранения

Обновление программного обеспечения

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует

Устранение

Уязвимость устранена

📊 CVSS

CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.0

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

⚠️ Уровень опасности

Критический уровень опасности (базовая оценка CVSS 2.0 составляет 10)
Критический уровень опасности (базовая оценка CVSS 3.1 составляет 10)

🔗 Источники и меры

🔗 https://sec.cloudapps.cisco.com/security/center/co... 🔗 https://www.cisa.gov/sites/default/files/csv/known...

🏷️ Идентификаторы

CVE-2026-20131

📅 Даты

Дата публикации

06.03.2026

Последнее обновление

20.03.2026

Детали уязвимости