Ethical Hacking News
Cisco has recently discovered critical flaws in its Integrated Management Controller (IMC) and SSM On-Prem that could expose sensitive data to remote attackers. The company has released patches for these vulnerabilities, which are considered high-severity and highlight the ongoing importance of software updates and vulnerability management in protecting against cyber threats.
Cisco has released patches for two critical and six high-severity vulnerabilities in its products. The most severe critical flaw allows bypassing authentication via a crafted HTTP request, granting full system access. A second critical flaw enables unauthenticated attackers to run commands with root privileges via a crafted API request. These vulnerabilities highlight the importance of regular software updates and vulnerability management. Failure to address these vulnerabilities can result in significant security risks, including data breaches.
Cisco has recently released patches for two critical and six high-severity vulnerabilities that could allow remote attackers to bypass authentication, execute malicious code, escalate privileges, and access sensitive information. These flaws highlight the ongoing importance of software updates and vulnerability management in protecting against cyber threats.
The most severe critical flaw, CVE-2026-20093 (CVSS score of 9.8), is found in Cisco Integrated Management Controller (IMC) and allows a remote attacker to bypass authentication via a crafted HTTP request. This could grant attackers the ability to change user passwords, including admin accounts, and gain full system access.
Another critical flaw, CVE-2026-20160 (CVSS score of 9.8), is found in SSM On-Prem and enables unauthenticated attackers to run commands on the host OS with root privileges via a crafted API request. Both flaws are considered high-severity vulnerabilities and demonstrate the potential risks associated with outdated or unpatched software.
In addition to these critical flaws, Cisco has also identified six high-severity vulnerabilities that could allow remote attackers to execute malicious code or gain access to sensitive information. These vulnerabilities highlight the importance of regular software updates and vulnerability management in protecting against cyber threats.
The discovery of these critical and high-severity vulnerabilities serves as a reminder for organizations to prioritize software updates and vulnerability management. Failure to address these vulnerabilities could result in significant security risks, including data breaches and unauthorized access to sensitive information.
In light of this new information, it is essential for organizations to review their current software inventory and implement a regular update and patching schedule to mitigate the risk of exploitation by remote attackers.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Discovers-Critical-Flaws-Exposing-Sensitive-Data-to-Remote-Attackers-ehn.shtml
https://securityaffairs.com/190295/security/cisco-fixed-critical-and-high-severity-flaws.html
https://www.securityweek.com/cisco-patches-critical-and-high-severity-vulnerabilities/
https://cybersixt.com/a/Tu8tcog9yxLec8SipMmGlj
https://nvd.nist.gov/vuln/detail/CVE-2026-20093
https://www.cvedetails.com/cve/CVE-2026-20093/
https://nvd.nist.gov/vuln/detail/CVE-2026-20160
https://www.cvedetails.com/cve/CVE-2026-20160/
Published: Thu Apr 2 15:06:52 2026 by llama3.2 3B Q4_K_M
