Critical Cisco IMC Vulnerability Allows Full Admin Access via Authentication Bypass

Severity: High (Score: 72.9)

Sources: Bleepingcomputer, Cybersecuritynews, Linkedin, Csoonline, Gbhackers

Summary

Cisco Systems has disclosed a critical authentication bypass vulnerability, CVE-2026-20093 (CVSS score 9.8), affecting its Integrated Management Controller (IMC). The flaw allows unauthenticated remote attackers to send crafted HTTP requests to vulnerable Cisco UCS C-Series and E-Series servers, bypass authentication, and gain full administrative access. The vulnerability arises from improper handling of password change requests within the IMC interface. Cisco has not observed any active exploitation but strongly advises all customers to apply the patches immediately, as there are no workarounds available. Additionally, Cisco addressed another critical vulnerability, CVE-2026-20160, which allows remote code execution on its Smart Software Manager On-Prem solution. The urgency of the situation is heightened by the recent exploitation of a related vulnerability, CVE-2026-20131, by the Interlock ransomware group. Security professionals are on alert due to the potential for rapid exploitation of such vulnerabilities.

Key Points:

  • CVE-2026-20093 allows full admin access via authentication bypass on Cisco IMC.
  • Patches are urgently recommended as there are no temporary mitigations available.
  • Related vulnerabilities have been actively exploited, raising concerns for unpatched systems.

Key Entities

  • Supply Chain Attack (attack_type)
  • Zero-day Exploit (attack_type)
  • Trivy Supply Chain Attack (campaign)
  • Cisco (company)
  • Cisco Systems (company)
  • CVE-2026-20093 (cve)
  • CVE-2026-20131 (cve)
  • CVE-2026-20160 (cve)
  • ILOBleed (malware)
  • T1078 - Valid Accounts (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Catalyst 8300 Series Edge UCPE (platform)
  • Cisco UCS C-Series (platform)
  • HPE ILO (platform)
  • HPE Integrated Lights-Out (platform)
  • Html5 Web Interface (platform)
  • Interlock (ransomware_group)
  • Trivy (tool)