Cisco Addresses Critical and High-Priority Security Flaws
Cisco Patches Critical and High-Severity Vulnerabilities in Networking Products
Cisco has released patches for multiple vulnerabilities affecting its networking products, including critical and high-severity issues that could allow attackers to execute arbitrary commands, gain root privileges, and disclose sensitive information.
Most Severe Vulnerabilities
The most severe vulnerabilities include a critical flaw in Cisco Smart Software Manager On-Prem (SSM On-Prem), which could enable an attacker to execute commands on the underlying operating system with root-level privileges. This vulnerability, identified as CVE-2026-20160, exists due to an erroneously exposed internal service:
Another Critical Bug
Another critical bug, tracked as CVE-2026-20093, affects the authentication process in Cisco devices and allows an unauthenticated attacker to modify user passwords, including those of administrators. By exploiting this vulnerability, an attacker could access the system as an administrator:
Affected Products and Corresponding Patches
- UCS C-series and E-series servers
- Appliances based on them
Cisco has addressed several high-severity defects in its Evolved Programmable Network Manager (EPNM), Integrated Management Controller (IMC), and other products. These issues could be exploited for privilege escalation, information disclosure, and arbitrary command execution.
While the company is not aware of any exploitation of these vulnerabilities in the wild, it strongly recommends that customers update their systems with the available patches to prevent potential attacks.
Conclusion
Cisco’s patching efforts demonstrate the company’s commitment to addressing vulnerabilities and ensuring the security of its customers’ networks. However, the existence of these vulnerabilities highlights the ongoing need for vigilance and proactive maintenance in the ever-evolving threat landscape.
About Author
English