
"This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device."
"A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user."
"An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
Cisco has issued updates for critical security flaws in the Integrated Management Controller (IMC) and Smart Software Manager On-Prem. The IMC vulnerability, CVE-2026-20093, allows unauthenticated remote attackers to bypass authentication and gain elevated access, and has a CVSS score of 9.8. It affects various Cisco products, including the 5000 Series and UCS C-Series servers. Another vulnerability, CVE-2026-20160, also with a CVSS score of 9.8, allows attackers to execute arbitrary commands on the operating system. Patches have been released for both vulnerabilities.
Read at The Hacker News