Share
## https://sploitus.com/exploit?id=E38D0F41-0057-509E-8C5F-ED146DD94855
# CVE-2026-20079 โ€” Cisco FMC Authentication Bypass

## Description

A vulnerability in the web interface of **Cisco Secure Firewall Management Center (FMC)** Software that allows an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain **root access** to the underlying operating system.

- **CWE:** CWE-288 โ€” Authentication Bypass Using an Alternate Path or Channel
- **Vendor Advisory:** [cisco-sa-onprem-fmc-authbypass-5JPp45V2](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2)

## Root Cause

The vulnerability is due to an improper system process created at boot time. An attacker can exploit this by sending crafted HTTP requests to the affected device.

## Impact

- Unauthenticated remote attacker can bypass authentication
- Execute arbitrary scripts/commands
- Gain **root access** to the underlying OS

## Affected Products

Cisco Secure Firewall Management Center (FMC) โ€” refer to Cisco's advisory for specific affected versions.

## Detection Script

`check_cve_2026_20079.py` โ€” probes the target FMC device to determine if it responds to authenticated API endpoints without credentials.

### Requirements

```bash
pip install requests
```

### Usage

```bash
python3 check_cve_2026_20079.py https://
```

### Output

| Result | Meaning |
|--------|---------|
| `POTENTIALLY VULNERABLE` | Authenticated endpoint accessible without credentials |
| `NOT VULNERABLE (or patched)` | Endpoint correctly returns 401 Unauthorized |
| `Inconclusive` | Unexpected response, manual investigation needed |

## Remediation

Apply the patch provided in the official Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2

## Disclaimer

> This script is intended for **authorized security testing and defensive purposes only**.
> Only run against systems you own or have **explicit written permission** to test.
> Unauthorized use may violate laws including the Computer Fraud and Abuse Act (CFAA).