Ethical Hacking News
Cisco has announced several security updates to address critical vulnerabilities in its IMC and SSM On-Prem products, including an authentication bypass vulnerability that allows attackers to gain Admin access. Organizations with vulnerable systems are strongly advised to patch as soon as possible to prevent unauthorized access to their systems.
Cisco has released security updates to address several critical and high-severity vulnerabilities. A critical vulnerability in Integrated Management Controller (IMC) authentication bypass allows attackers to gain Admin access. The vulnerability can be remotely exploited by unauthenticated attackers to bypass authentication and access unpatched systems with Admin privileges. Cisco strongly recommends upgrading to fixed software due to the lack of workarounds for this security flaw. Additional vulnerabilities have been patched, including a critical Smart Software Manager On-Prem (SSM On-Prem) vulnerability and a maximum-severity RCE vulnerability in the Secure Firewall Management Center (FMC). Cisco's internal development environment was breached using stolen credentials from the recent Trivy supply chain attack. Organizations with vulnerable systems are advised to take immediate action to address the vulnerabilities and prevent unauthorized access.
Cisco has recently released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. This vulnerability was discovered in the Cisco IMC password change functionality and can be remotely exploited by unauthenticated attackers to bypass authentication and access unpatched systems with Admin privileges.
The vulnerability, tracked as CVE-2026-20093, is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
The Cisco IMC is a hardware module embedded on the motherboard of Cisco servers that provides out-of-band management (even if the operating system is powered off or crashed) for UCS C-Series and E-Series servers via multiple interfaces, including XML API, web (WebUI), and command-line (CLI). The vulnerability affects the authentication process of the IMC, allowing attackers to gain unauthorized access to the system.
The Cisco Product Security Incident Response Team (PSIRT) has strongly recommended that customers upgrade to the fixed software as there are no workarounds to temporarily mitigate this security flaw. This is due to the fact that the vulnerability can be exploited by unauthenticated attackers, making it a significant threat to organizations with vulnerable systems.
In addition to this vulnerability, Cisco has also released patches for a critical Smart Software Manager On-Prem (SSM On-Prem) vulnerability (CVE-2026-20160). This vulnerability could enable threat actors without privileges to gain remote code execution (RCE) on vulnerable SSM On-Prem hosts. Attackers can exploit the CVE-2026-20160 vulnerability by sending a crafted request to the exposed service's API, allowing them to execute commands on the underlying OS with root-level privileges.
Furthermore, Cisco has also patched a maximum-severity RCE vulnerability (CVE-2026-20131) in the Secure Firewall Management Center (FMC). This vulnerability was exploited in zero-day attacks by the Interlock ransomware gang. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20131 to its catalog of flaws abused in the wild, ordering federal agencies to secure their systems within three days.
Recently, it was reported that Cisco's internal development environment was breached using credentials stolen during the recent Trivy supply chain attack. This highlights the importance of patching and securing software vulnerabilities as soon as possible.
In light of these security threats, organizations with vulnerable systems are advised to take immediate action to address the vulnerabilities and prevent unauthorized access to their systems. It is essential to keep up-to-date with the latest security patches and updates from Cisco to ensure the security of critical infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-IMC-Authentication-Bypass-Vulnerability-A-Critical-Security-Threat-for-Organizations-ehn.shtml
https://www.bleepingcomputer.com/news/security/critical-cisco-imc-auth-bypass-gives-attackers-admin-access/
https://nvd.nist.gov/vuln/detail/CVE-2026-20093
https://www.cvedetails.com/cve/CVE-2026-20093/
https://nvd.nist.gov/vuln/detail/CVE-2026-20131
https://www.cvedetails.com/cve/CVE-2026-20131/
https://nvd.nist.gov/vuln/detail/CVE-2026-20160
https://www.cvedetails.com/cve/CVE-2026-20160/
Published: Thu Apr 2 06:32:03 2026 by llama3.2 3B Q4_K_M
