Cisco has released security updates to address two critical vulnerabilities that could allow attackers to remotely compromise affected systems.
The first flaw impacts Cisco’s Integrated Management Controller (IMC). If exploited, it could let an unauthenticated attacker bypass authentication and gain elevated access. Tracked as CVE-2026-20093, the vulnerability carries a CVSS score of 9.8.
According to Cisco, the issue stems from improper handling of password change requests. An attacker could exploit it by sending a specially crafted HTTP request to a vulnerable device. A successful attack could allow the attacker to change passwords for any user, including administrators, and log in with those privileges.
The vulnerability was discovered and reported by security researcher “jyh.” It affects multiple Cisco products, regardless of configuration. Cisco has released fixes in the following versions:
- 5000 Series Enterprise Network Compute Systems (ENCS): fixed in version 4.15.5
- Catalyst 8300 Series Edge uCPE: fixed in version 4.18.3
- UCS C-Series M5 and M6 Rack Servers (standalone mode): fixed in versions 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
- UCS E-Series Servers M3: fixed in version 3.2.17
- UCS E-Series Servers M6: fixed in version 4.15.3
Cisco also addressed a second critical flaw in its Smart Software Manager On-Prem (SSM On-Prem). Identified as CVE-2026-20160 and also rated 9.8 on the CVSS scale, this vulnerability could allow unauthenticated remote attackers to execute arbitrary commands with root-level privileges.
The issue is caused by unintended exposure of an internal service. By sending a crafted request to the service’s API, an attacker could gain control over the underlying operating system.
Cisco has released a fix for this vulnerability in SSM On-Prem version 9-202601. The issue was identified internally during the resolution of a Cisco Technical Assistance Center (TAC) support case.
Although there is no evidence that either vulnerability has been exploited in the wild, recent trends show that attackers are quick to weaponize newly disclosed Cisco flaws. Since no workarounds are available, Cisco strongly advises customers to update to the latest patched versions to stay protected.




