
Cisco IMC Vulnerability - Critical Authentication Bypass Flaw


A serious security problem in some Cisco devices lets attackers get in without a password. Cisco has fixed it, but you need to update your devices right away to stay safe.

Quick Summary

Cisco has disclosed a critical authentication bypass vulnerability in its Integrated Management Controller (IMC), allowing attackers to gain administrative access. Urgent updates are now available to mitigate this risk.

The Flaw

Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), tracked as CVE-2026-20093. This vulnerability has been assigned a critical Base CVSS score of 9.8, indicating its high severity. The flaw resides in the password change functionality of the Cisco IMC software, which incorrectly processes incoming password change requests. This allows a remote, unauthenticated attacker to send a maliciously crafted HTTP request to an affected device, bypassing standard authentication checks.

What's at Risk

Once authentication is bypassed, attackers can modify the passwords of any existing user on the system, including the primary Admin account. This essentially grants them full administrative access, enabling them to control the system as that user. The vulnerability impacts several Cisco hardware products, including:

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series M5 and M6 Rack Servers (in standalone mode)
  • UCS E-Series Servers M3 and M6

Additionally, numerous Cisco appliances that rely on preconfigured versions of the affected UCS C-Series Servers are also at risk. These include Application Policy Infrastructure Controller (APIC) Servers, Catalyst Center Appliances, Secure Firewall Management Center Appliances, and Secure Network Analytics Appliances. However, Cisco has confirmed that certain newer and differently configured products, such as UCS B-Series Blade Servers, UCS X-Series Modular Systems, and UCS C-Series M7 and M8 Rack Servers, are unaffected.

Patch Status

Cisco has released urgent software updates to address this vulnerability and strongly recommends that customers upgrade to the fixed software immediately. There are no temporary workarounds or mitigations available to block this vulnerability. The upgrade path depends on the platform: on 5000 Series ENCS and Catalyst 8300 Series devices the IMC is updated by upgrading the underlying Cisco Enterprise NFV Infrastructure Software (NFVIS), while standalone servers can typically use the Cisco Host Upgrade Utility (HUU) to install the fixed IMC releases.

Immediate Actions

Administrators are urged to apply the official software updates provided by Cisco without delay. Although Cisco's Product Security Incident Response Team (PSIRT) has not found evidence of in-the-wild exploitation or proof-of-concept exploit code, the potential for unauthorized access remains a critical concern. As a precaution, organizations should assess their systems for exposure to this vulnerability and prioritize patching affected devices.
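As an added example (not from the article and not Cisco tooling), the following Python helper encodes the affected and unaffected product lists and the upgrade paths stated above, and ranks a constructed device inventory so that affected systems whose IMC management interface is reachable from untrusted networks are patched first. The model-string patterns, the `Device` fields and the P1/P2 labels are assumptions for illustration; the authoritative list is Cisco's advisory.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    """One inventory record (field names are an assumption, not a Cisco export format)."""
    name: str
    model: str          # free-text model string as exported from an inventory tool
    standalone: bool    # True when the server is managed directly through its IMC
    mgmt_exposed: bool  # True when the IMC management interface is reachable from untrusted networks

# (regex over model string, only affected in standalone mode?, upgrade path) per the advisory summary.
AFFECTED = [
    (r"\bENCS[\s-]*5\d{3}\b",                 False, "upgrade NFVIS (carries the IMC)"),
    (r"\bC(atalyst)?[\s-]*83\d{2}\b.*uCPE",   False, "upgrade NFVIS (carries the IMC)"),
    (r"\bUCS[\s-]*C\d{3}[\s-]*M[56]\b",       True,  "run HUU with the fixed IMC release"),
    (r"\bUCS[\s-]*E\d{3}\w*[\s-]*M[36]\b",    False, "upgrade IMC per Cisco advisory"),
    (r"\b(APIC|Catalyst Center|Secure Firewall Management Center|Secure Network Analytics)\b",
                                              False, "preconfigured UCS C-Series appliance: follow Cisco guidance"),
]
# Explicitly listed as not affected; checked first so "UCS C220 M7" never matches the M5/M6 rule.
UNAFFECTED = [r"\bUCS[\s-]*B\d{3}\b", r"\bUCS[\s-]*X\d{3}\b", r"\bUCS[\s-]*C\d{3}[\s-]*M[78]\b"]

def assess(dev: Device):
    """Return (status, upgrade_path, priority) for one device."""
    if any(re.search(p, dev.model, re.I) for p in UNAFFECTED):
        return ("unaffected", None, None)
    for pattern, needs_standalone, path in AFFECTED:
        if re.search(pattern, dev.model, re.I):
            if needs_standalone and not dev.standalone:
                return ("not affected (not in standalone mode)", None, None)
            # An unauthenticated bypass on a reachable management plane is patched first.
            return ("affected", path, "P1" if dev.mgmt_exposed else "P2")
    return ("unknown: verify against the advisory", None, None)

def triage(devices):
    """Rows sorted P1, then P2, then everything else; ties broken by device name."""
    rank = {"P1": 0, "P2": 1, None: 2}
    rows = [(d.name, *assess(d)) for d in devices]
    return sorted(rows, key=lambda r: (rank[r[3]], r[0]))

# Constructed sample inventory for demonstration only.
INVENTORY = [
    Device("rack-01", "UCS C220 M5", standalone=True, mgmt_exposed=True),
    Device("rack-02", "UCS C240 M6", standalone=False, mgmt_exposed=True),
    Device("edge-07", "Catalyst 8300 Edge uCPE", standalone=False, mgmt_exposed=False),
    Device("blade-03", "UCS B200 M6", standalone=False, mgmt_exposed=True),
    Device("apic-1", "APIC Server (UCS C-Series)", standalone=True, mgmt_exposed=False),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(row)
```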

In addition to the IMC vulnerability, Cisco has also addressed other critical vulnerabilities, including a Smart Software Manager On-Prem vulnerability (CVE-2026-20160) that could allow remote code execution by unauthenticated users. This highlights the importance of maintaining updated security measures across all Cisco products.

Given the critical nature of this vulnerability, it is essential for organizations using affected Cisco products to prioritize patching. The lack of workarounds makes timely updates crucial to prevent potential exploitation.

Original article from Cyber Security News · Abinaya

Also covered by BleepingComputer: "Critical Cisco IMC auth bypass gives attackers Admin access"
