Cisco has released security updates to address multiple critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access.
Also known as CIMC, Cisco IMC is a hardware module embedded on the motherboard of Cisco servers that provides out-of-band management (even when the operating system is powered off or has crashed) for UCS C-Series and E-Series servers through multiple interfaces, including the XML API, web interface (WebUI), and command line (CLI).
Tracked as CVE-2026-20093, the vulnerability exists in the Cisco IMC password change functionality and can be exploited remotely by unauthenticated attackers to bypass authentication and access unpatched systems with Admin privileges.
“This vulnerability is due to improper handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” Cisco explained on Wednesday.
“A successful exploit could allow the attacker to bypass authentication, change the passwords of any user on the system, including an Admin user, and gain access to the system as that user.”
“Strongly” advised to patch as soon as possible
While Cisco’s Product Security Incident Response Team (PSIRT) has yet to find evidence of in-the-wild exploitation or proof-of-concept exploit code, the company “strongly recommends that customers upgrade to the fixed software” as there are no workarounds to temporarily mitigate this security flaw.
This week, Cisco has also released patches for a critical Smart Software Manager On-Prem (SSM On-Prem) vulnerability (CVE-2026-20160) that could allow unprivileged threat actors to gain remote code execution (RCE) on vulnerable SSM On-Prem hosts.
Attackers can exploit the CVE-2026-20160 vulnerability by sending a crafted request to the exposed service’s API, allowing them to execute commands on the underlying OS with root-level privileges.
Earlier this month, Cisco patched a maximum-severity RCE vulnerability (CVE-2026-20131) in the Secure Firewall Management Center (FMC) that the Interlock ransomware gang exploited in zero-day attacks. CISA has also added CVE-2026-20131 to its catalog of flaws abused in the wild, ordering federal agencies to secure their systems within three days.
More recently, BleepingComputer reported that Cisco’s internal development environment was breached using credentials stolen during the recent Trivy supply chain attack.