Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Cisco Issues Urgent Patches for Critical 9.8 CVSS Flaws in IMC and SSM On-Prem
TL;DR
Cisco has released critical security updates to address two separate vulnerabilities—CVE-2026-20093 and CVE-2026-20160—both carrying a near-perfect CVSS score of 9.8/10.0. These flaws allow unauthenticated remote attackers to bypass authentication, hijack administrative accounts, or execute arbitrary commands with root privileges. No workarounds are available; immediate patching is required.
Cisco has issued an urgent advisory regarding two critical security vulnerabilities that could lead to complete system compromise. The flaws affect the Integrated Management Controller (IMC) and the Smart Software Manager On-Prem (SSM On-Prem).
Given the severity of these vulnerabilities and the history of threat actors targeting Cisco's networking infrastructure once patches are public, administrators are urged to prioritize these updates.
CVE-2026-20093: Authentication Bypass in Integrated Management Controller (IMC)
The more widespread of the two vulnerabilities is CVE-2026-20093, which resides in the Cisco Integrated Management Controller. With a CVSS score of 9.8, this flaw allows an unauthenticated, remote attacker to gain elevated access to affected systems.
The Vulnerability Mechanism
According to Cisco, the flaw is caused by the "incorrect handling of password change requests." An attacker can exploit this by sending a specially crafted HTTP request to a vulnerable device.
Impact
If successful, an attacker can:
- Bypass standard authentication protocols.
- Alter the passwords of any local user, including individuals with Admin privileges.
- Log in and gain full control of the system as that user.
Affected Products and Fixed Versions
The vulnerability affects several product lines regardless of device configuration. Security researcher "jyh" is credited with discovering this flaw.
| Affected Product | Fixed Version |
|---|---|
| 5000 Series Enterprise Network Compute Systems (ENCS) | 4.15.5 |
| Catalyst 8300 Series Edge uCPE | 4.18.3 |
| UCS C-Series M5 and M6 Rack Servers (Standalone) | 4.3(2.260007), 4.3(6.260017), 6.0(1.250174) |
| UCS E-Series Servers M3 | 3.2.17 |
| UCS E-Series Servers M6 | 4.15.3 |
CVE-2026-20160: Root Command Execution in SSM On-Prem
The second critical flaw, CVE-2026-20160 (also carrying a CVSS score of 9.8), impacts Cisco Smart Software Manager On-Prem (SSM On-Prem). This vulnerability was discovered internally during a Technical Assistance Center (TAC) support case.
The Vulnerability Mechanism
This flaw stems from the unintentional exposure of an internal service. An attacker can exploit this by sending a crafted request to the API of that exposed service.
Impact
A successful exploit allows a remote, unauthenticated attacker to:
- Execute arbitrary commands on the underlying operating system.
- Gain root-level privileges, effectively granting total control over the SSM On-Prem instance.
Fixed Version
Cisco has released the fix in SSM On-Prem version 9-202601.
Remediation and Recommendations
At the time of writing, Cisco has stated that there are no workarounds available for either of these vulnerabilities. The only way to mitigate the risk is to apply the software updates provided by Cisco.
While Cisco has noted that there are currently no reports of these vulnerabilities being exploited in the wild, the company cautioned that threat actors have historically weaponized similar flaws shortly after disclosure. Since both vulnerabilities allow remote access without requiring valid credentials, they are high-priority targets for attackers looking to gain a foothold in corporate networks.
Action Plan:
- Identify all instances of IMC-managed servers and SSM On-Prem within your environment.
- Verify the current firmware/software versions against the "Fixed Version" list above.
- Schedule immediate maintenance windows to apply the necessary patches.
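The second step of the action plan, checking installed versions against the fixed versions listed above, is easy to get wrong because the UCS C-Series fix ships in three separate release trains (4.3(2.x), 4.3(6.x) and 6.0(1.x)), so a plain numeric comparison would wrongly mark a 4.3(4.x) build as fixed. The following added example (not from the article or from Cisco) compares an inventory against the article's table train by train; the hostnames and installed versions in the sample inventory are constructed.

```python
import re

# Fixed versions exactly as listed in the article's tables, keyed by product line.
FIXED_VERSIONS = {
    "ENCS 5000": ["4.15.5"],
    "Catalyst 8300 uCPE": ["4.18.3"],
    "UCS C-Series M5/M6": ["4.3(2.260007)", "4.3(6.260017)", "6.0(1.250174)"],
    "UCS E-Series M3": ["3.2.17"],
    "UCS E-Series M6": ["4.15.3"],
    "SSM On-Prem": ["9-202601"],
}


def parse_version(v: str) -> tuple:
    """Turn '4.3(2.260007)', '4.15.5' or '9-202601' into a comparable tuple of ints."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def assess(product: str, installed: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown-train' for one installed version.

    A build older than every fixed release is vulnerable. Otherwise the build is
    compared only against the fixed release of its own train (all components but
    the last); a train the table does not list is reported as 'unknown-train' so
    that it is checked against the advisory rather than assumed safe.
    """
    inst = parse_version(installed)
    fixes = sorted(parse_version(f) for f in FIXED_VERSIONS[product])
    if inst < fixes[0]:
        return "vulnerable"
    for fix in fixes:
        if inst[:-1] == fix[:-1]:
            return "fixed" if inst >= fix else "vulnerable"
    return "unknown-train"


def audit(inventory):
    """inventory: iterable of (hostname, product, installed) -> list of (hostname, status)."""
    return [(host, assess(product, ver)) for host, product, ver in inventory]


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("ucs-c220-01", "UCS C-Series M5/M6", "4.3(2.250001)"),
    ("ucs-c240-02", "UCS C-Series M5/M6", "6.0(1.250174)"),
    ("ucs-c240-03", "UCS C-Series M5/M6", "4.3(4.241001)"),
    ("encs-5400-01", "ENCS 5000", "4.15.2"),
    ("ssm-onprem-01", "SSM On-Prem", "9-202512"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:16} {status}")
```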
Source
Title: Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
URL: https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html