Cisco reports a critical flaw in its Secure Firewall Management Center

Cisco reports a vulnerability in its Secure Firewall Management Center software that could allow remote code execution. Versions 7.0.7 and 7.7.0 with RADIUS authentication enabled are affected. Cisco recommends that users install the updates.

A flaw in the implementation of the RADIUS subsystem of Cisco Secure Firewall Management Center (FMC) software allows an unauthenticated remote attacker to execute arbitrary shell commands. The fault results from insufficient handling of user input during the authentication phase. An attacker could thus send crafted credentials which, once accepted by the RADIUS server, lead to commands being executed with high privileges, Cisco says in a security advisory.
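The advisory describes the general bug class (user-supplied credential material reaching a shell without adequate handling) but does not publish Cisco's code. The following is an added, constructed illustration of that class and of the hardening that removes it; it is not Cisco's code, the identifier format and the `radius-lookup` helper are assumptions, and the external helper is replaced by a Python stand-in that simply echoes the arguments it received.

```python
import re
import subprocess
import sys

# Added illustration of the bug class described in the advisory. Everything here is
# constructed: it is not Cisco's code, and the "lookup" helper is a stand-in that
# merely prints the arguments it was handed, so the script runs offline.

# Assumed conservative allowlist for identifiers; anything else is rejected before use.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Characters a POSIX shell reinterprets when they appear in a command line.
SHELL_META = set(";|&$`()<>\"'\\\n")

# Stand-in for an external helper binary: prints the arguments it actually received.
LOOKUP_STUB = [sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"]


def build_command_vulnerable(username: str) -> str:
    """Anti-pattern: interpolates an unvalidated identifier into a shell command line.
    Only the string is built here; nothing is executed."""
    return "radius-lookup --user " + username


def shell_metachars_in(command: str) -> set:
    """Returns the shell metacharacters present in a command string. A non-empty
    result means a shell would reinterpret the line built by build_command_vulnerable."""
    return {c for c in command if c in SHELL_META}


def validate_username(username: str) -> str:
    """Allowlist check: rejects identifiers that do not match the assumed format."""
    if USERNAME_RE.fullmatch(username) is None:
        raise ValueError("identifier rejected by allowlist")
    return username


def run_lookup_argv_only(username: str) -> str:
    """Argv list with shell=False (the default): metacharacters reach the helper
    literally and are never interpreted, even without validation."""
    argv = LOOKUP_STUB + ["--user", username]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout.strip()


def run_lookup_safe(username: str) -> str:
    """Hardened form: validate first, then pass an argv list with no shell involved."""
    argv = LOOKUP_STUB + ["--user", validate_username(username)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout.strip()


if __name__ == "__main__":
    tainted = "alice;extra"  # constructed identifier carrying one shell metacharacter
    cmd = build_command_vulnerable(tainted)
    print("shell line:", cmd, "metacharacters:", shell_metachars_in(cmd))
    print("argv only :", run_lookup_argv_only(tainted))
    try:
        run_lookup_safe(tainted)
    except ValueError as err:
        print("hardened  :", err)
    print("hardened  :", run_lookup_safe("alice"))
```

The two mitigations are independent: passing an argument list instead of a shell string stops metacharacters from being interpreted at all, and the allowlist rejects malformed identifiers before they reach any downstream component. Both belong in an authentication path, since the argv change protects only the local process invocation, not whatever the helper does with the value afterwards.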

According to Cisco, exploiting this flaw requires that the software be configured for RADIUS authentication of the web management interface or of SSH access. Only versions 7.0.7 and 7.7.0 are affected. Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software are not affected by this vulnerability, the advisory states.

The network equipment vendor has already published software updates that fix the flaw. According to the advisory, no workaround exists, but to reduce the risk Cisco recommends using other authentication methods, such as local user accounts, LDAP or SAML SSO. Customers should evaluate these measures in their own environment, as they could affect functionality or performance.

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcement or exploitation of this security flaw. According to the advisory, this notice is part of the August 2025 set of security advisories for Cisco Secure Firewall ASA, FMC and FTD software. Affected users should install the updates without delay.
