Cisco has launched updates to handle a crucial safety flaw within the Built-in Administration Controller (IMC) that, if efficiently exploited, may permit an unauthenticated, distant attacker to bypass authentication and achieve entry to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS rating of 9.8 out of a most of 10.0.
“This vulnerability is because of incorrect dealing with of password change requests,” Cisco mentioned in an advisory launched Wednesday. “An attacker may exploit this vulnerability by sending a crafted HTTP request to an affected system.”
“A profitable exploit may permit the attacker to bypass authentication, alter the passwords of any consumer on the system, together with an Admin consumer, and achieve entry to the system as that consumer.”
Safety researcher “jyh” has been credited with discovering and reporting the vulnerability. The shortcoming impacts the next merchandise whatever the system configuration –
- 5000 Sequence Enterprise Community Compute Programs (ENCS) – Mounted in 4.15.5
- Catalyst 8300 Sequence Edge uCPE – Mounted in 4.18.3
- UCS C-Sequence M5 and M6 Rack Servers in standalone mode – Mounted in 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
- UCS E-Sequence Servers M3 – Mounted in 3.2.17
- UCS E-Sequence Servers M6 – Mounted in 4.15.3
One other crucial vulnerability patched by Cisco impacts Sensible Software program Supervisor On-Prem (SSM On-Prem), which may allow an unauthenticated, distant attacker to execute arbitrary instructions on the underlying working system. The vulnerability, CVE-2026-20160 (CVSS rating: 9.8), stems from an unintentional publicity of an inner service.
“An attacker may exploit this vulnerability by sending a crafted request to the API of the uncovered service,” Cisco mentioned. “A profitable exploit may permit the attacker to execute instructions on the underlying working system with root-level privileges.”
Patches for the flaw have been launched in Cisco SSM On-Prem model 9-202601. Cisco mentioned the vulnerability was found internally through the decision of a Cisco Technical Help Heart (TAC) help case.
Whereas neither of the vulnerabilities has been exploited within the wild, a quantity ofrecentlydisclosed safety flaws in Cisco merchandise have been weaponized by menace actors. In the absence of a workaround, clients are really helpful to replace to the fastened model for optimum safety.
