Cisco has launched critical security updates to address an authentication bypass vulnerability in its Integrated Management Controller that allows unauthenticated remote attackers to gain administrative control. The company also patched several other high-severity flaws, including a remote code execution vulnerability in its Smart Software Manager On-Prem systems.
Cisco recently announced the release of multiple security patches designed to fix severe vulnerabilities across its product lineup, most notably within the Integrated Management Controller. This hardware module, which is built into Cisco servers, provides out-of-band management capabilities and is essential for maintaining systems even when the primary operating system is unresponsive. The newly discovered flaw, identified as CVE-2026-20093, stems from a failure in how the system handles password change requests. By sending a specifically crafted HTTP request to a vulnerable device, an attacker can bypass standard security protocols and modify user credentials to gain full administrative access.
Because this vulnerability impacts the fundamental management layer of the hardware, it presents a significant risk to the integrity of data centers using C-Series and E-Series servers. Cisco clarified that the bug allows an external actor to change the password for any account on the system, including those with the highest level of privileges. Once an attacker has secured this access, they can effectively take over the entire server management interface. While there is currently no evidence that this specific flaw has been exploited in the wild, the company is urging all users to apply the provided software updates immediately since no manual workarounds are available to stop a potential attack.
In addition to the issues with the management controller, Cisco has addressed a critical flaw in its Smart Software Manager On-Prem software. This separate vulnerability, tracked as CVE-2026-20160, allows an unprivileged user to execute code remotely on a host system. By targeting the API of the exposed service, threat actors can gain root-level privileges on the underlying operating system. This represents a major security gap for organizations relying on this software to manage their Cisco licenses locally, as it provides a direct path for attackers to compromise internal network infrastructure.
These updates follow a period of heightened security activity for the networking giant, including the recent patching of a maximum-severity vulnerability in the Secure Firewall Management Center. That particular flaw was notably used by the Interlock ransomware group in zero-day attacks, leading the Cybersecurity and Infrastructure Security Agency to mandate rapid patching for federal agencies. The urgency of these latest updates is underscored by the fact that Cisco is frequently targeted by sophisticated threat actors looking to gain a foothold in corporate and government networks through infrastructure management tools.
The broader security landscape for the company remains complex, as reports have also surfaced regarding a breach of Cisco’s internal development environment. That incident involved the use of stolen credentials linked to a separate supply chain attack, highlighting the various ways in which enterprise environments can be compromised. By releasing these patches and advising immediate installation, Cisco aims to close known entry points and protect its customers from the evolving tactics of ransomware groups and other cybercriminals who prioritize high-value infrastructure targets.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn