Cisco has issued security updates to rectify multiple critical and high-severity vulnerabilities, among which is an authentication bypass flaw in the Integrated Management Controller (IMC) that potentially enables unauthorized users to gain Admin access.
The Cisco Integrated Management Controller (CIMC) is an integrated hardware module on the motherboard of Cisco servers that facilitates out-of-band management capabilities, regardless of whether the operating system is operational, for UCS C-Series and E-Series servers. Management can be performed through various interfaces, including the XML API, web user interface (WebUI), and command-line interface (CLI).
The vulnerability, identified as CVE-2026-20093, is located within the password change functionality of the Cisco IMC. Unauthenticated attackers could exploit this flaw remotely, allowing them to bypass authentication mechanisms and obtain Admin privileges on unpatched systems.
Cisco outlined, "This vulnerability arises from improper handling of password change requests. An attacker could leverage this flaw by submitting a specially crafted HTTP request to the affected device."
"The successful exploitation of this vulnerability could enable the attacker to circumvent authentication, modify the passwords of any user within the system— including those of Admin users— and gain access as that specific user."
Urgent Recommendation for Patching
Although Cisco's Product Security Incident Response Team (PSIRT) has not yet discovered any evidence of exploitation in the wild or the existence of proof-of-concept exploit code, the company "strongly recommends that customers upgrade to the fixed software" due to the absence of any temporary mitigation strategies for this security concern.
In addition to the IMC vulnerability, Cisco has also released patches addressing a critical vulnerability in the Smart Software Manager On-Prem (SSM On-Prem), tracked as CVE-2026-20160. This flaw could allow unauthorized threat actors to achieve remote code execution (RCE) on vulnerable SSM On-Prem hosts.
Exploiting this vulnerability entails sending a crafted request to the API of the exposed service, empowering attackers to execute commands on the underlying operating system with root-level privileges.
Earlier this month, Cisco addressed a critical RCE vulnerability in the Secure Firewall Management Center (FMC), tracked as CVE-2026-20131. This flaw had been exploited in zero-day attacks by the Interlock ransomware gang. The Cybersecurity and Infrastructure Security Agency (CISA) has also included CVE-2026-20131 in its catalog of actively exploited vulnerabilities, mandating that federal agencies secure their systems within three days.
Moreover, it was recently reported by BleepingComputer that Cisco's internal development environment experienced a breach due to credentials compromised during the recent Trivy supply chain attack.
Related Articles:
- Cisco fixes severe flaws in data center management solution
- TP-Link warns users to patch critical router auth bypass flaw
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager
- Cisco Catalyst SD-WAN Manager flaw allows remote server access
Share this story