{"id":201670,"date":"2026-04-02T11:21:00","date_gmt":"2026-04-02T15:21:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/02\/cisco-patches-9-8-cvss-imc-and-ssm-flaws-allowing-remote-system-compromise\/"},"modified":"2026-04-02T15:55:13","modified_gmt":"2026-04-02T19:55:13","slug":"cisco-patches-9-8-cvss-imc-and-ssm-flaws-allowing-remote-system-compromise","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/02\/cisco-patches-9-8-cvss-imc-and-ssm-flaws-allowing-remote-system-compromise\/","title":{"rendered":"Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise"},"content":{"rendered":"

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/04\/cisco-patches-98-cvss-imc-and-ssm-flaws.html<\/a><\/p>\n

Publish Date: 2026-04-02 11:21:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points.
\n\ue804Ravie Lakshmanan\ue802Apr 02, 2026Network Security \/ Vulnerability<\/p>\n

Cisco\u00a0has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
\nThe\u00a0vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8\u00a0out of a maximum of\u00a010.0.
\n“This vulnerability is due to incorrect handling of password change requests,”\u00a0Cisco said in an advisory released Wednesday. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected\u00a0device.”
\n“A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that\u00a0user.”<\/p>\n

Security researcher “jyh” has been credited with discovering and reporting the vulnerability. The\u00a0shortcoming affects the following products regardless of the device configuration\u00a0–\u00a0<\/p>\n

5000 Series Enterprise Network Compute Systems (ENCS) – Fixed in 4.15.5
\nCatalyst 8300 Series Edge uCPE – Fixed in 4.18.3
\nUCS C-Series M5 and M6 Rack Servers in standalone mode – Fixed in 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
\nUCS E-Series Servers M3 – Fixed in 3.2.17
\nUCS E-Series Servers M6 – Fixed in 4.15.3<\/p>\n

Another critical vulnerability patched by Cisco impacts Smart Software Manager On-Prem (SSM On-Prem), which could enable an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The\u00a0vulnerability, CVE-2026-20160 (CVSS score: 9.8), stems from an unintentional exposure of an internal\u00a0service.
\n“An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service,”\u00a0Cisco said. “A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.”<\/p>\n

Patches for the flaw\u00a0have been\u00a0released in Cisco SSM On-Prem version 9-202601. Cisco\u00a0said the vulnerability was discovered internally during the resolution of a Cisco Technical Assistance Center (TAC) support\u00a0case.
\nWhile\u00a0neither of the vulnerabilities\u00a0has been\u00a0exploited in the\u00a0wild, a number\u00a0ofrecentlydisclosed security flaws in Cisco products\u00a0have been weaponized by threat actors. In\u00a0the absence of a workaround,\u00a0customers are recommended to update to the fixed version for optimal protection.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise https:\/\/thehackernews.com\/2026\/04\/cisco-patches-98-cvss-imc-and-ssm-flaws.html Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":201671,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjH6wuST9R8voZTpCC-v5LSwd4O7vlbuRDhXMzcSw9iu0k2JvFOao-3Jr2o9iCs0jqX3pIqHvcYo_n-5Ad80WXeQXKV_DTgJUN0A6nl9f73BA1U0wRoZBqgySfDR6Uk7KD8jXzw2BFLGvusf-96qsINw9jT4PnglZohYM2VhSsdHcpw-cl6vwAekfE-KD_H\/s1600\/cisco-exploit.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-201670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201670"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=201670"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201670\/revisions"}],"predecessor-version":[{"id":201672,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201670\/revisions\/201672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/201671"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=201670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=201670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=201670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}