CP
cyberpings
VulnerabilitiesCRITICAL

Cisco Patches Critical IMC and SSM Flaws - Immediate Action Required

Featured image for Cisco Patches Critical IMC and SSM Flaws - Immediate Action Required
THThe Hacker News
CVE-2026-20093CVE-2026-20160CiscoIMCSSM
🎯

Basically, Cisco fixed serious security holes that could let hackers control systems remotely.

Quick Summary

Cisco has patched critical vulnerabilities in its IMC and SSM products, allowing remote attackers to gain elevated access. Users must update their systems immediately to mitigate risks.

What Happened

Cisco has released urgent updates to address two critical vulnerabilities in its Integrated Management Controller (IMC) and Smart Software Manager (SSM). These flaws could allow unauthenticated remote attackers to gain elevated privileges, posing a significant risk to affected systems.

The vulnerabilities are tracked as CVE-2026-20093 and CVE-2026-20160, both carrying a CVSS score of 9.8, indicating their severity. If exploited, attackers could bypass authentication and manipulate user accounts, including administrative access.

The Flaw

The first vulnerability, CVE-2026-20093, arises from incorrect handling of password change requests. An attacker can exploit this flaw by sending a specially crafted HTTP request to the affected device. This could allow them to alter passwords for any user, including admin accounts.

The second flaw, CVE-2026-20160, affects the SSM On-Prem and allows attackers to execute arbitrary commands on the underlying operating system. This vulnerability results from the unintentional exposure of an internal service, enabling attackers to send crafted requests to the API.

What's at Risk

Both vulnerabilities affect a range of Cisco products, including:

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series M5 and M6 Rack Servers
  • UCS E-Series Servers M3 and M6

If left unpatched, these vulnerabilities could lead to unauthorized access and control over critical systems, making them a prime target for cybercriminals.

Patch Status

Cisco has released patches for these vulnerabilities:

  • IMC flaw fixed in versions 4.15.5, 4.18.3, and others.
  • SSM On-Prem flaw patched in version 9-202601.

These updates are crucial to mitigate the risk of exploitation. Cisco has emphasized that, while there are no known exploits in the wild, the potential for future attacks remains high.

Immediate Actions

Users are urged to:

  • Update to the latest patched versions immediately.
  • Review system configurations to ensure no unauthorized changes have been made.
  • Monitor for unusual activity that may indicate attempted exploitation.

By taking these steps, organizations can significantly reduce their vulnerability to these critical threats.

🔒 Pro insight: The high CVSS score indicates a pressing need for organizations to prioritize these patches to prevent potential exploitation.

Original article from

THThe Hacker News
Read Full Article

Share

Related Pings

CRITICALVulnerabilities

CVE-2025-55182 - Hackers Breach 766 Next.js Hosts

Hackers have exploited a critical vulnerability in Next.js, breaching 766 hosts and stealing sensitive credentials. Organizations must take swift action to mitigate risks and secure their systems.

The Hacker News·
HIGHVulnerabilities

OpenSSH Vulnerabilities - Security Advisory Released

OpenSSH has issued a security advisory for vulnerabilities in versions prior to 10.3. Users need to update to the latest version to protect their systems. This advisory highlights critical risks that could lead to unauthorized access. Stay secure by applying the necessary updates.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Progress ShareFile - Security Vulnerability Advisory Released

Progress has issued a security advisory for ShareFile vulnerabilities. Users must update to versions v5.12.4 or later to protect their data. This is crucial for maintaining security.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Mongoose Vulnerabilities - Cesanta Issues Security Advisory

Cesanta has issued a security advisory for Mongoose, affecting versions 7.0 to 7.20. Users must update to safeguard against vulnerabilities. Don't wait—protect your systems now!

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has patched critical vulnerabilities that could allow attackers to bypass authentication and gain system access. Organizations using Cisco products are urged to update immediately to avoid risks.

Security Affairs·
CRITICALVulnerabilities

Critical Vulnerability Found in Claude Code After Source Leak

A critical vulnerability in Claude Code was discovered shortly after its source code leak. This flaw could allow attackers to bypass security measures and steal sensitive credentials, posing a significant risk. Developers must act quickly to protect their systems.

SecurityWeek·