Cisco patched two critical flaws: CVE-2026-20093 (CVSS 9.8) in Integrated Management Controller allows unauthenticated attackers to bypass auth and take over systems including UCS servers. CVE-2026-20160 (CVSS 9.8) in Smart Software Manager On-Prem enables unauthenticated RCE via exposed internal API. IMC is the lights-out management interface—compromising it means full control below the OS. SSM On-Prem manages your licensing. Enterprise patching never stops.

#Cisco #Vulnerability #Patching #EnterpriseSecurity

Source: https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html