A critical vulnerability exists in the Cisco Secure Firewall Management Center (FMC) software that allows an unauthenticated remote attacker to take complete control of the device. Successful exploitation could lead to arbitrary command execution on the system, enabling an attacker to modify firewall rules, access sensitive network data, and pivot to attack other internal resources, resulting in a full network compromise.

The vulnerability is a command injection flaw within the RADIUS subsystem of the Cisco Secure Firewall Management Center. An unauthenticated, remote attacker can send a specially crafted RADIUS request to an affected device. Due to improper input validation, the malicious payload is passed directly to the underlying operating system's shell and executed with high-level privileges, granting the attacker full control over the system.

This vulnerability is rated as critical severity with a CVSS score of 10.0, representing the highest possible risk. A successful exploit would grant an attacker complete administrative control over the Firewall Management Center, which is a central point of network security policy and administration. The potential consequences include the ability to alter or disable firewall policies to allow malicious traffic, exfiltrate sensitive network configurations and credentials, disrupt network operations, and use the compromised FMC as a foothold to launch further attacks against the internal network. This constitutes a complete loss of confidentiality, integrity, and availability for the managed security infrastructure.

Immediate Action: Update all instances of Cisco Secure Firewall Management Center Software to the latest patched version as recommended by the vendor. Prioritize patching for systems with management interfaces exposed to the internet or untrusted networks. After patching, monitor for any potential exploitation attempts that may have occurred prior to remediation by reviewing system and access logs for unusual activity.

Proactive Monitoring: Organizations should monitor network traffic to the RADIUS service ports (UDP 1812/1813, 1645/1646) on FMC devices for anomalous or malformed packets. Review FMC system logs for any unexpected shell command executions, new processes, or unauthorized configuration changes. Implement intrusion detection system (IDS) rules that can identify and alert on common command injection payloads.

Compensating Controls: If immediate patching is not feasible, restrict network access to the FMC’s RADIUS service ports to only trusted IP addresses and dedicated management segments using an upstream firewall or access control lists (ACLs). If the RADIUS feature is not in use, consider disabling the service entirely on the device to eliminate this attack vector.

Public Exploit Available: False

This vulnerability presents a grave and immediate risk to the organization. Given the critical CVSS score of 10.0, which allows for unauthenticated remote code execution, it is imperative that all affected Cisco Secure Firewall Management Center instances are patched immediately. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. Organizations must act preemptively to apply the necessary updates without delay to prevent a potential full-scale network breach.