




Cisco releases urgent patches for critical flaws (9.8 CVSS) in IMC and SSM On-Prem
TL;DR (summary)
Cisco has released urgent security updates to fix two critical vulnerabilities, CVE-2026-20093 and CVE-2026-20160, both with a near-maximum CVSS score of 9.8/10.0. These flaws let a remote attacker who needs no password get in, take over admin accounts, or run commands with "root" privileges. There is no workaround other than the patch; you must update right away.
Cisco has warned users of its systems about two critical flaws that could let an attacker take control of the entire system. The issues are in Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem).
Given the severity of these flaws and the track record of attackers targeting Cisco infrastructure whenever updates appear, administrators should apply these patches immediately.
CVE-2026-20093: Authentication bypass in Integrated Management Controller (IMC)
The bigger problem of the two is CVE-2026-20093, which is in Cisco IMC. With a score of 9.8, this flaw lets a remote attacker gain elevated privileges on the system without having any account.
How does this vulnerability work?
According to Cisco, the issue stems from "incorrect handling of password change requests." An attacker can exploit it by sending a specially crafted HTTP request to an affected device.
Impact
If the attack succeeds, the attacker can:
- Bypass the normal authentication checks.
- Change the password of any local user, including users with Admin privileges.
- Log in and take full control of the system as that user.
Affected products and fixed versions
This vulnerability affects a range of hardware regardless of how the device is configured. The security researcher "jyh" discovered the issue.
| Product | Fixed version |
|---|---|
| 5000 Series Enterprise Network Compute Systems (ENCS) | 4.15.5 |
| Catalyst 8300 Series Edge uCPE | 4.18.3 |
| UCS C-Series M5 and M6 Rack Servers (Standalone) | 4.3(2.260007), 4.3(6.260017), 6.0(1.250174) |
| UCS E-Series Servers M3 | 3.2.17 |
| UCS E-Series Servers M6 | 4.15.3 |
CVE-2026-20160: Root command execution in SSM On-Prem
The other flaw is CVE-2026-20160 (also CVSS 9.8), which affects Cisco Smart Software Manager On-Prem (SSM On-Prem). It was discovered internally while support was being provided for a TAC case.
How does this vulnerability work?
The issue stems from an internal service that was left exposed unintentionally. An attacker can exploit it by sending a crafted request to the API of that exposed service.
Impact
If this vulnerability is exploited, an attacker can:
- Execute arbitrary commands on the underlying operating system.
- Obtain root privileges, which give full control of the SSM On-Prem system.
Fixed version
Cisco released the fix in SSM On-Prem version 9-202601.
Remediation and recommendations
So far, Cisco says there are no workarounds other than updating. The only way to protect yourself is to install the security updates Cisco has released.
Although Cisco says it has no reports so far of attacks against these vulnerabilities, the company noted that attackers routinely exploit issues like these quickly once a patch is published. Because both flaws give remote access without a password, they are considered very attractive targets for anyone who wants to get into a company's network.
Action plan:
- Find all servers running IMC and all SSM On-Prem instances you have.
- Verify your firmware/software version and compare it with the "Fixed version" list above.
- Schedule an urgent maintenance window to install these required patches.
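The comparison step of the action plan can be scripted. The following is an added example, not code from Cisco or from the source article: it checks an inventory against the fixed versions listed on this page. The product labels, hostnames and installed versions are constructed, and it assumes that where a product lists several fixed releases, each one belongs to its own release train.

```python
import re

# Fixed releases copied from the table above and from the SSM On-Prem section.
# Dictionary keys are shorthand labels chosen for this example.
FIXED = {
    "ENCS 5000": ["4.15.5"],
    "Catalyst 8300 uCPE": ["4.18.3"],
    "UCS C-Series M5/M6": ["4.3(2.260007)", "4.3(6.260017)", "6.0(1.250174)"],
    "UCS E-Series M3": ["3.2.17"],
    "UCS E-Series M6": ["4.15.3"],
    "SSM On-Prem": ["9-202601"],
}

def parse(version):
    """Turn '4.3(2.260007)' or '9-202601' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def status(product, installed):
    """Return 'ok', 'update' or 'review' for one inventory row."""
    fixed = [parse(v) for v in FIXED.get(product, [])]
    have = parse(installed)
    if not fixed or not have:
        return "review"  # unknown product or unparseable version string
    if len(fixed) > 1:
        # Assumption: several fixed releases mean one per release train, so
        # compare only against the entry sharing the first three fields.
        fixed = [f for f in fixed if f[:3] == have[:3]]
        if not fixed:
            return "review"  # train not in the table: check Cisco's advisory
    return "ok" if have >= fixed[0] else "update"

def triage(inventory):
    """Map host -> status for (host, product, installed_version) rows."""
    return {host: status(product, ver) for host, product, ver in inventory}

# Constructed sample inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("encs-branch-01", "ENCS 5000", "4.14.2"),
    ("ucs-rack-07", "UCS C-Series M5/M6", "4.3(2.250016)"),
    ("ucs-rack-09", "UCS C-Series M5/M6", "6.0(1.250174)"),
    ("ucs-rack-12", "UCS C-Series M5/M6", "4.2(3.240002)"),
    ("ssm-licensing", "SSM On-Prem", "8-202212"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:16} {result}")
```

A "review" result means the installed release train does not appear in the table on this page, so the host needs a manual check against Cisco's advisory rather than an automatic verdict.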
Source
Title: Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
URL: https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html