- Cisco has found a 10/10 flaw in Secure Firewall Management Center
- It has released a patch and advised on possible mitigations
- There is no evidence of in-the-wild abuse so far, but users should still be on guard
Cisco has recently fixed a maximum-severity vulnerability in its Secure Firewall Management Center (FMC) product and urged users to apply the patch or a mitigation as soon as possible.
FMC is a centralized platform for configuring, monitoring and analyzing Cisco Secure Firewalls, where users can manage policies, track threat intelligence and monitor their deployments at the endpoints.
According to the new Cisco security advisory, the vulnerability was discovered in the implementation of the FMC RADIUS subsystem. RADIUS (Remote Authentication Dial-In User Service) is a protocol used to authenticate, authorize and account for FMC administrators and VPN users by integrating with an external identity server.
Solutions and mitigations
The flaw is described as an “improper handling of user input during an authentication failure” that could allow an unauthenticated remote attacker to inject arbitrary shell commands.
In theory, this could be done by sending crafted input when entering credentials; however, the caveat here is that FMC must be configured for RADIUS authentication for the web-based management interface, SSH or both for the bug to be exploitable.
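Because the advisory ties the flaw to the RADIUS authentication path and to crafted input supplied as credentials, one thing a defender can do while patching is triage authentication-failure logs for usernames containing shell metacharacters. The following is an added example, not code from Cisco or the article; the log line format and sample lines are constructed for illustration and do not reflect a real FMC log format.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical FMC-style authentication log.
# The format is an assumption for this example; real FMC logs differ.
SAMPLE_LOG = """\
2025-08-14T10:01:05Z fmc auth: RADIUS authentication failed for user 'jdoe' from 10.0.0.5 (web)
2025-08-14T10:01:09Z fmc auth: RADIUS authentication succeeded for user 'admin' from 10.0.0.7 (ssh)
2025-08-14T10:02:31Z fmc auth: RADIUS authentication failed for user 'x;id' from 203.0.113.9 (web)
2025-08-14T10:02:33Z fmc auth: RADIUS authentication failed for user '$(whoami)' from 203.0.113.9 (ssh)
2025-08-14T10:03:00Z fmc auth: LOCAL authentication failed for user 'a|b' from 10.0.0.5 (web)
"""

# Parses one hypothetical log line into its fields (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fmc auth: (?P<method>\w+) authentication "
    r"(?P<result>failed|succeeded) for user '(?P<user>.*?)' "
    r"from (?P<src>\S+) \((?P<iface>\w+)\)$"
)

# Characters that have no place in a username and are meaningful to a shell.
SHELL_META = re.compile(r"[;|&`$(){}<>\\\n]")


def flag_suspicious_failures(log_text: str) -> list[dict]:
    """Return RADIUS authentication failures whose username carries shell metacharacters.

    Only the RADIUS path is considered, matching the advisory's precondition;
    failures via other methods (e.g. LOCAL) are left alone.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if m["method"] != "RADIUS" or m["result"] != "failed":
            continue
        if SHELL_META.search(m["user"]):
            findings.append({"ts": m["ts"], "src": m["src"],
                             "iface": m["iface"], "user": m["user"]})
    return findings


def sources_by_count(findings: list[dict]) -> dict[str, int]:
    """Summarize flagged attempts per source address, most active first."""
    return dict(Counter(f["src"] for f in findings).most_common())


if __name__ == "__main__":
    for f in flag_suspicious_failures(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} via {f['iface']}: suspicious user {f['user']!r}")
    print(sources_by_count(flag_suspicious_failures(SAMPLE_LOG)))
```

Hits on the web or SSH interface from the same source in quick succession are worth correlating with the patch status of that FMC host.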
The bad news is that, according to BleepingComputer, this configuration is “commonly used” in enterprise and government networks where administrators want centralized login control and accounting for network device access. The attack surface could therefore be quite large, and the victims high-profile.
It is now tracked as CVE-2025-20265 and has been given a severity score of 10/10 (critical).
Cisco has released a patch to fix the problem and said that those who cannot apply it should disable RADIUS authentication and replace it with a different method, such as local user accounts, external LDAP or similar. The company also said the mitigations were shown to work in its testing, but warned customers to run the tests themselves.
Via BleepingComputer