Cyber Web Spider Blog – News

Critical Cisco Flaws Fixed: IMC and SSM Security Updates


Posted on April 2, 2026 By CWS

Cisco has rolled out crucial updates to fix severe vulnerabilities in its Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem), which pose significant security risks. The flaws, if left unaddressed, could let unauthenticated remote attackers gain unauthorized system access or execute commands with high-level privileges.

Details of the IMC Vulnerability

The IMC vulnerability, tracked as CVE-2026-20093, is rated critical with a CVSS score of 9.8. The flaw arises from improper processing of password change requests, potentially allowing an attacker to bypass authentication and change user passwords, including those of administrative accounts. This could grant the attacker elevated access to the system.

Discovered and reported by security researcher ‘jyh’, this vulnerability impacts various Cisco products, including the 5000 Series Enterprise Network Compute Systems (ENCS) and UCS E-Series Servers. Cisco has addressed the issue in recent updates, with specific versions detailed for each affected product.

SSM On-Prem Flaw and Its Implications

Another critical vulnerability affects Cisco’s SSM On-Prem, identified as CVE-2026-20160, which also bears a CVSS score of 9.8. This flaw is due to the unintended exposure of an internal service, which could be exploited by attackers through crafted API requests. Successful exploitation could result in command execution on the operating system with root privileges.

The SSM On-Prem vulnerability was discovered internally by Cisco during a technical support case analysis. The company has released a patch in version 9-202601 to mitigate this risk.

Recommendations and Future Outlook

As of now, there are no reported instances of these vulnerabilities being exploited in the wild. However, given the severity, Cisco urges all users to promptly update to the latest versions to ensure optimal security. The recent trend of threat actors targeting Cisco products underscores the importance of staying vigilant and maintaining updated systems.

In conclusion, these updates are vital for preventing potential security breaches and safeguarding sensitive data. Organizations using affected Cisco products should prioritize these patches to fortify their network security.

The Hacker News. Tags: Cisco, CVE-2026-20093, CVE-2026-20160, Cybersecurity, IMC, IT security, network security, Patches, remote attack, Security, software updates, SSM, system compromise, Vulnerability

Copyright © 2026 Cyber Web Spider Blog – News.
