Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

2026-04-02

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Cisco has released patches for two critical vulnerabilities (CVSS 9.8) affecting the Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem).

•CVE-2026-20093 in IMC allows unauthenticated remote attackers to bypass authentication by sending a crafted HTTP request due to incorrect handling of password change requests.
•Successful exploitation of CVE-2026-20093 lets attackers alter passwords of any user, including Admin, and gain full system access.
•Affected products include 5000 Series ENCS, Catalyst 8300 Edge uCPE, UCS C-Series M5/M6, and UCS E-Series M3/M6 servers.
•CVE-2026-20160 in SSM On-Prem enables unauthenticated remote command execution with root-level privileges via an unintentionally exposed internal service API.
•

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture