Critical Cisco IMC Authentication Bypass Vulnerability Grants Administrative Access
Cisco Releases Patches for Critical Flaw in Unified Management Module
Cisco has released security updates to address a critical vulnerability in its Integrated Management Controller (IMC), which enables out-of-band management of servers even when the operating system is powered off or crashed.
Vulnerability Overview
- The issue, identified as CVE-2026-20093, allows attackers to bypass authentication and gain Admin access to unpatched systems.
- The IMC, also known as CIMC, is a hardware module embedded on the motherboard of Cisco servers.
- The vulnerability lies in the IMC password change functionality, which can be remotely exploited by unauthenticated attackers.
According to Cisco, an attacker could send a crafted HTTP request to an affected device, allowing them to bypass authentication and alter the passwords of any user on the system, including an Admin user. This would grant the attacker access to the system as that user.
Patch Details
- Cisco has released patches for three critical issues:
- A flaw in the Smart Software Manager On-Prem (SSM On-Prem) that could enable threat actors without privileges to gain remote code execution (RCE) on vulnerable hosts.
- A maximum-severity RCE vulnerability in the Secure Firewall Management Center (FMC).
The US Cybersecurity and Infrastructure Security Agency (CISA) has included both of these vulnerabilities in its catalog of flaws abused in the wild, urging federal agencies to secure their systems within a specified timeframe.
Additional Mitigations
Cisco has also taken steps to remediate a breach of its internal development environment, which occurred after credentials were stolen during the recent Trivy supply chain attack.
About Author
English