By Jessica Lyons
Publication Date: 2026-03-18 17:40:00
Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.
The critical security flaw allows an unauthenticated, remote attacker to execute arbitrary Java code as root on vulnerable devices. Cisco released software updates that fix the vulnerability on March 4 – but the attackers had a head start.
“Our research found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26,” Moses, the chief information security officer of Amazon Integrated Security, said on Wednesday.
A Cisco spokesperson told The Register that the company will update its security advisory to reflect the exploitation.