
Cisco shipped fixes for eight vulnerabilities on Wednesday — two rated critical and six high-severity — spanning multiple products including Integrated Management Controller (IMC), Smart Software Manager On-Prem (SSM On-Prem), and Evolved Programmable Network Manager (EPNM). The bugs could be exploited for authentication bypass, remote code execution, privilege escalation, and information disclosure.
Critical Vulnerabilities
CVE-2026-20093 — Cisco IMC Authentication Bypass (CVSS 9.8)
The vulnerability is rooted in incorrect handling of password change requests. An unauthenticated remote attacker could send a crafted HTTP request to an affected device, bypass authentication, alter the password of any user on the system, including an admin, and gain elevated access. Security researcher “jyh” has been credited with discovering and reporting the vulnerability.
CVE-2026-20160 — Cisco SSM On-Prem RCE (CVSS 9.8)
This flaw stems from the unintentional exposure of an internal service. An attacker could send a crafted request to the API of the exposed service and execute arbitrary commands on the underlying operating system with root-level privileges. The patch is available in Cisco SSM On-Prem version 9-202601. Cisco noted the vulnerability was discovered internally during the resolution of a TAC support case.
High-Severity Vulnerabilities
On the high-severity side, Cisco patched a defect in EPNM that could allow attackers to access sensitive information, and another in SSM On-Prem exploitable for privilege escalation. It also patched four IMC vulnerabilities, all rooted in insufficient validation of user-supplied input on IMC’s web-based management interface, that could be exploited to execute arbitrary commands and gain root privileges.
More than two dozen enterprise networking products are impacted by the four IMC security defects, including UCS C-series and E-series servers and appliances based on them.
Exploitation Status
Cisco’s PSIRT is not aware of exploits or proof-of-concept code for any of these vulnerabilities, but strongly advises customers to update to patched software.