Cisco has released an update that addresses a critical security flaw in the Integrated Management Controller (IMC). Successful exploitation of this flaw could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
This vulnerability is tracked as CVE-2026-20093 and has a CVSS score of 9.8 out of a maximum of 10.0.
“This vulnerability is due to improper handling of password change requests,” Cisco said in an advisory published Wednesday. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.”
“A successful exploit could allow the attacker to bypass authentication, change the password of any user on the system, including the administrator user, and gain access to the system as that user.”
Security researcher “jyh” is credited with discovering and reporting this vulnerability. This shortcoming affects the following products, regardless of device configuration:
5000 Series Enterprise Network Computing System (ENCS) – Fixed in 4.15.5 Catalyst 8300 Series Edge uCPE – Fixed in 4.18.3 UCS C-Series M5 and M6 Rack Servers in Standalone Mode – 4.3(2.260007), 4.3(6.260017), and Fixed in 6.0(1.250174) UCS E-Series Server M3 – Fixed in 3.2.17 UCS E-Series Server M6 – Fixed in 4.15.3
Another critical vulnerability patched by Cisco affects Smart Software Manager On-Prem (SSM On-Prem) and could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability, CVE-2026-20160 (CVSS score: 9.8), is due to the unintentional disclosure of an internal service.
“An attacker could exploit this vulnerability by sending a crafted request to the exposed service’s API,” Cisco said. “A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.”
A patch for this flaw has been released in Cisco SSM On-Premise version 9-202601. Cisco said the vulnerability was discovered internally during the resolution of a support case with the Cisco Technical Assistance Center (TAC).
Although neither vulnerability has been exploited in the wild, many recently revealed security flaws in Cisco products have been weaponized by threat actors. If there is no workaround, we recommend updating to a fixed version for optimal protection.
Source link
