#VU123552 Improper error handling in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) and Cisco Firewall Threat Defense (FTD) - CVE-2026-20068
Published: March 4, 2026
Vulnerability identifier: #VU123552
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20068
CWE-ID: CWE-388
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Firewall Threat Defense (FTD)
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Firewall Threat Defense (FTD)
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to improper error handling when parsing remote procedure call (RPC) data. A remote attacker can send specially crafted RPC packets through an established connection to be parsed by Snort 3 and perform a denial of service attack.
Remediation
Install updates from vendor's website.