Critical Authentication Bypass in Cisco IMC (CVE‑2026‑20093) & SSM On‑Prem (CVE‑2026‑20160) Threatens Server Management Infrastructure
What It Is – Cisco disclosed two critical (CVSS 9.8) and six high‑severity flaws affecting its Integrated Management Controller (IMC) and SSM On‑Prem management stack. The vulnerabilities allow unauthenticated attackers to bypass authentication, execute arbitrary commands, and gain full administrative control of the managed server.
Exploitability – No public exploit or proof‑of‑concept has been observed, and Cisco’s PSIRT reports no active exploitation. However, the CVSS scores and the remote‑code‑execution nature make the flaws highly attractive for nation‑state and criminal actors.
Affected Products – Cisco Integrated Management Controller (IMC) on Cisco UCS and other server platforms; Cisco Secure Services Manager (SSM) On‑Prem.
TPRM Impact – Many enterprises rely on Cisco’s out‑of‑band management for data‑center and edge servers. A compromised IMC or SSM can give threat actors unfettered access to critical workloads, potentially exposing confidential data, disrupting services, and providing a foothold for lateral movement across the supply chain.
Recommended Actions –
- Prioritize patching IMC and SSM On‑Prem on all Cisco hardware within 48 hours.
- Verify firmware versions against Cisco’s advisory (CVE‑2026‑20093, CVE‑2026‑20160).
- Enforce network segmentation: isolate management interfaces from production traffic.
- Deploy strict API authentication and monitor for anomalous HTTP requests to management endpoints.
- Review third‑party contracts that include Cisco hardware to ensure vendors have applied the patches.
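One way to act on the segmentation and monitoring items above, as an added example that is not from Cisco or the source article: a log check that flags requests reaching a management interface from outside the management network, and successful requests from a source that never logged in. The subnet, the `/login` and `/admin/...` paths, and the reverse-proxy log format are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Assumption: the only subnet allowed to reach IMC / SSM On-Prem web interfaces.
MGMT_NETS = [ipaddress.ip_network("10.50.0.0/24")]
# Assumption: path where the proxy sees a login; not a documented Cisco endpoint.
LOGIN_PATH = "/login"

# Constructed sample lines (common log format) from a hypothetical reverse proxy
# placed in front of the management interfaces.
SAMPLE_LOG = """\
10.50.0.12 - - [02/Apr/2026:10:00:01 +0000] "POST /login HTTP/1.1" 200 512
10.50.0.12 - - [02/Apr/2026:10:00:05 +0000] "GET /admin/users HTTP/1.1" 200 2048
192.0.2.77 - - [02/Apr/2026:10:03:11 +0000] "GET /admin/users HTTP/1.1" 401 128
192.0.2.77 - - [02/Apr/2026:10:03:12 +0000] "POST /admin/users HTTP/1.1" 200 64
10.50.0.40 - - [02/Apr/2026:10:05:00 +0000] "POST /admin/config HTTP/1.1" 200 90
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \d+$')

def in_mgmt(ip):
    """True if the source address belongs to an allowed management subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)

def find_anomalies(log_text):
    """Return (source, path, reason) tuples for requests worth triaging."""
    logged_in = set()   # sources with a successful login earlier in this log
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # skip lines that are not in the expected format
        src, path, status = m.groups()
        ok = status.startswith("2")
        if path.startswith(LOGIN_PATH):
            if ok:
                logged_in.add(src)
            continue
        if not in_mgmt(src):
            # A segmentation gap whatever the response status was.
            findings.append((src, path, "outside-mgmt-network"))
        if ok and src not in logged_in:
            # Success with no login seen in the log window: triage, not proof.
            findings.append((src, path, "success-without-login"))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

A session opened before the log window starts will also show up as `success-without-login`, so feed the check enough history to cover the session lifetime.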
Source: SecurityAffairs – Cisco fixed critical and high‑severity flaws