Cisco has released an update to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, holds a CVSS score of 9.8 out of a maximum of 10.0.
“This vulnerability is due to mishandling of password change requests,” Cisco said in an advisory issued Wednesday. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.”
“A successful exploit could allow the attacker to bypass authentication, change the password of any user on the system, including the administrator user, and gain access to the system as that user.”
Security researcher “jyh” has been credited with discovering and reporting the vulnerability. This outage affects the following products regardless of device configuration –
- 5000 Series Enterprise Network Compute System (eNCS) – fixed in 4.15.5
- Catalyst 8300 Series Edge UCPE – Fixed in 4.18.3
- UCS C-Series M5 and M6 Rack Servers in Standalone Mode – Fixed in 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
- UCS E-Series Server M3 – fixed in 3.2.17
- UCS E-Series Server M6 – fixed in 4.15.3
Another critical vulnerability patched by Cisco affects Smart Software Manager On-Prem (SSM On-Prem), which could enable an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability, CVE-2026-20160 (CVSS score: 9.8), stems from the unintentional exposure of an internal service.
“An attacker could exploit this vulnerability by sending a crafted request to the API of an exposed service,” Cisco said. “A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.”
Patches have been released for the flaw in Cisco SSM On-Prem version 9-202601. Cisco said the vulnerability was discovered internally during the resolution of a Cisco Technical Assistance Center (TAC) support case.
Although none of these vulnerabilities have been openly exploited, several recently discovered security flaws in Cisco products have been weaponized by threat actors. In the absence of a workaround, customers are advised to update to the fixed version for optimal protection.
