## https://sploitus.com/exploit?id=E38D0F41-0057-509E-8C5F-ED146DD94855
# CVE-2026-20079 โ Cisco FMC Authentication Bypass
## Description
A vulnerability in the web interface of **Cisco Secure Firewall Management Center (FMC)** Software that allows an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain **root access** to the underlying operating system.
- **CWE:** CWE-288 โ Authentication Bypass Using an Alternate Path or Channel
- **Vendor Advisory:** [cisco-sa-onprem-fmc-authbypass-5JPp45V2](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2)
## Root Cause
The vulnerability is due to an improper system process created at boot time. An attacker can exploit this by sending crafted HTTP requests to the affected device.
## Impact
- Unauthenticated remote attacker can bypass authentication
- Execute arbitrary scripts/commands
- Gain **root access** to the underlying OS
## Affected Products
Cisco Secure Firewall Management Center (FMC) โ refer to Cisco's advisory for specific affected versions.
## Detection Script
`check_cve_2026_20079.py` โ probes the target FMC device to determine if it responds to authenticated API endpoints without credentials.
### Requirements
```bash
pip install requests
```
### Usage
```bash
python3 check_cve_2026_20079.py https://
```
### Output
| Result | Meaning |
|--------|---------|
| `POTENTIALLY VULNERABLE` | Authenticated endpoint accessible without credentials |
| `NOT VULNERABLE (or patched)` | Endpoint correctly returns 401 Unauthorized |
| `Inconclusive` | Unexpected response, manual investigation needed |
## Remediation
Apply the patch provided in the official Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
## Disclaimer
> This script is intended for **authorized security testing and defensive purposes only**.
> Only run against systems you own or have **explicit written permission** to test.
> Unauthorized use may violate laws including the Computer Fraud and Abuse Act (CFAA).