Cisco Patches Critical and High-Severity Vulnerabilities
Basically, Cisco fixed serious security holes that hackers could exploit.
Cisco has patched critical and high-severity vulnerabilities that could lead to severe security risks. Users of affected products should update their systems immediately to protect against potential exploits. Stay informed and secure your network!
What Happened
Cisco recently announced the release of patches addressing two critical and six high-severity vulnerabilities. These vulnerabilities could lead to severe security risks, including authentication bypass, remote code execution, privilege escalation, and information disclosure. The company emphasized the importance of applying these patches to safeguard systems against potential exploitation.
The Flaw
One of the critical vulnerabilities is tracked as CVE-2026-20160. It affects the Cisco Smart Software Manager On-Prem (SSM On-Prem). Attackers could exploit this flaw by sending crafted requests to an exposed internal service, allowing them to execute arbitrary commands on the operating system with root-level privileges. The second critical flaw, CVE-2026-20093, involves an authentication bypass issue due to improper handling of password change requests. An unauthenticated attacker could manipulate user passwords, including those of administrators, gaining unauthorized access.
What's at Risk
The vulnerabilities affect over two dozen enterprise networking products, including UCS C-series and E-series servers. Additionally, a high-severity defect in the Evolved Programmable Network Manager (EPNM) could allow unauthorized access to sensitive information. Another flaw in SSM On-Prem could facilitate privilege escalation, putting many systems at risk.
Patch Status
Cisco has already rolled out fixes for these vulnerabilities. The patches address the flaws in SSM On-Prem, EPNM, and four Integrated Management Controller (IMC) vulnerabilities. These IMC vulnerabilities could allow attackers to execute arbitrary commands and gain root privileges due to improper validation of user-supplied input on the web-based management interface.
Immediate Actions
Cisco has stated that it is not aware of any active exploitation of these vulnerabilities in the wild. However, organizations using affected products are strongly advised to apply the patches immediately to mitigate potential risks. For more details, users can refer to Cisco's security advisories page for guidance on updating their systems effectively.