Cybersecuritynews
Critical Cisco IMC Vulnerability Allows Full Admin Access via Authentication Bypass
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Cisco Systems has disclosed a critical authentication bypass vulnerability, CVE-2026-20093, affecting its Integrated Management Controller (IMC) with a CVSS score of 9.8. This flaw allows unauthenticated remote attackers to send crafted HTTP requests to vulnerable Cisco UCS C-Series and E-Series servers, enabling them to bypass authentication and gain full administrative access. The vulnerability arises from improper handling of password change requests within the IMC interface. Cisco has not observed any active exploitation but strongly advises all customers to apply the patches immediately, as there are no workarounds available. Additionally, Cisco addressed another critical vulnerability, CVE-2026-20160, which allows remote code execution on its Smart Software Manager On-Prem solution. The urgency of the situation is heightened by the recent exploitation of a related vulnerability, CVE-2026-20131, by the Interlock ransomware group. Security professionals are on alert due to the potential for rapid exploitation of such vulnerabilities.
Key Points: • CVE-2026-20093 allows full admin access via authentication bypass on Cisco IMC. • Patches are urgently recommended as there are no temporary mitigations available. • Related vulnerabilities have been actively exploited, raising concerns for unpatched systems.