"##bilities being exploited in the wild. systems affected : - cisco secure firewall management center ( fmc ) versions prior to 10. 0. 1 - cisco secure firewall adaptive security appliance ( asa ) software versions prior to 9. 23. 1. 26 - cisco secure firewall threat defense ( ftd…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
93%
"- a vulnerability in the processing of galois / counter mode ( gcm ) - encrypted internet key exchange version 2 ( ikev2 ) ipsec traffic of cisco secure firewall adaptive security appliance ( asa ) software and cisco secure firewall threat defense ( ftd ) software could allow an …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
86%
"- 20065, cve - 2026 - 20066, cve - 2026 - 20067, cve - 2026 - 20068 ) - multiple cisco products are affected by vulnerabilities in the snort 3 visual basic for applications ( vba ) decompression engine that could allow an unauthenticated, remote attacker to cause the snort 3 dete…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1078.001Default Accounts
71%
"and prioritization. - apply the principle of least privilege to all systems and services. run all software as a non - privileged user ( one without administrative privileges ) to diminish the effects of a successful attack. ( m1026 : privileged account management ) - safeguard 4.…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
70%
"asa ) software and cisco secure firewall threat defense ( ftd ) software could allow an unauthenticated, remote attacker to conduct browser - based attacks against users of an affected device. ( cve - 2026 - 20069 ) successful exploitation of the most severe of these vulnerabilit…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
66%
"- 20064 ) - a vulnerability in the saml 2. 0 single sign - on ( sso ) feature of cisco secure firewall asa software and cisco secure firewall threat defense ( ftd ) software could allow an unauthenticated, remote attacker to conduct a cross - site scripting ( xss ) attack against…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
65%
"affected device. a successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device. ( cve - 2026 - 20079 ) - a vulnerability in the web - based management interface of cisco secure firewall management center ( fmc ) so…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
61%
"system. ( cve - 2026 - 20001, cve - 2026 - 20003 ) - a vulnerability in the ikev2 feature of cisco secure firewall asa software and cisco secure ftd software could allow an authenticated, remote attacker with valid vpn user credentials to cause a dos condition on an affected devi…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
59%
"a dos condition that would require a manual reboot. ( cve - 2026 - 20106 ) - a vulnerability in the vpn web server of cisco secure firewall adaptive security appliance ( asa ) software and cisco secure firewall threat defense ( ftd ) software could allow an unauthenticated, remot…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
53%
"- 20064 ) - a vulnerability in the saml 2. 0 single sign - on ( sso ) feature of cisco secure firewall asa software and cisco secure firewall threat defense ( ftd ) software could allow an unauthenticated, remote attacker to conduct a cross - site scripting ( xss ) attack against…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
40%
"2026 - 20020, cve - 2026 - 20021, cve - 2026 - 20022, cve - 2026 - 20023, cve - 2026 - 20024, cve - 2026 - 20025 ) - a vulnerability in the do not decrypt exclusion feature of the ssl decryption feature of cisco secure firewall threat defense ( ftd ) software could allow an unaut…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
37%
"2026 - 20020, cve - 2026 - 20021, cve - 2026 - 20022, cve - 2026 - 20023, cve - 2026 - 20024, cve - 2026 - 20025 ) - a vulnerability in the do not decrypt exclusion feature of the ssl decryption feature of cisco secure firewall threat defense ( ftd ) software could allow an unaut…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
35%
"multiple vulnerabilities in cisco products could allow for remote code execution multiple vulnerabilities in cisco products could allow for remote code execution ms - isac advisory number : 2026 - 018date ( s ) issued : 03 / 05 / 2026overview : multiple vulnerabilities have been …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1595.002Vulnerability Scanning
30%
"management on a monthly, or more frequent, basis. - safeguard 7. 6 : perform automated vulnerability scans of externally - exposed enterprise assets : perform automated vulnerability scans of externally - exposed enterprise assets using a scap - compliant vulnerability scanning t…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution.
Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls.
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family of firewalls.
Cisco Secure Firewall Threat Defense (FTD) is a unified software image for Cisco Firepower appliances that combines ASA firewall functionality with Snort IPS, URL filtering, and advanced malware protection (AMP).
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete compromise of the affected device.