CISA orders feds to patch max-severity Cisco flaw by Sunday
Recorded: March 20, 2026, 5 p.m.
| Original | Summarized |
By Bill Toulas, March 20, 2026. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. |
CISA issued an urgent directive ordering federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by March 22, 2026. The order followed evidence of active exploitation by the Interlock ransomware gang, which had been using the flaw as a zero-day since late January of that year. The vulnerability resides in the web-based management interface of the FMC software and allows unauthenticated, remote attackers to execute arbitrary Java code with root-level access. The root cause is insecure deserialization of a user-supplied Java byte stream, a known attack vector. Amazon threat intelligence researchers confirmed the exploitation and emphasized the timeline: Interlock had been actively targeting systems before Cisco publicly disclosed the security bulletin. The ransomware group's tactics included using the ClickFix technique for initial access and deploying custom remote access trojans such as NodeSnake and Slopoly, further expanding the scope of potential damage. The vulnerability was subsequently added to CISA's Known Exploited Vulnerabilities (KEV) catalog and marked as "known to be used in ransomware campaigns," signifying its immediate operational threat. Given the critical nature of the vulnerability and the confirmed ongoing exploitation, CISA required Federal Civilian Executive Branch (FCEB) agencies to apply patches by March 22nd, effectively halting the use of the affected product. While the directive primarily applies to FCEB entities, CISA strongly advised all organizations subject to Binding Operational Directive (BOD) 22-01, as well as private firms, state/local governments, and non-FCEB entities, to prioritize mitigation.
This urgency reflects a concerning trend of attackers exploiting zero-day vulnerabilities, particularly in widely deployed security infrastructure components. The situation underscores the importance of proactive vulnerability management and rapid response to emerging threats. |