Cisco on Wednesday introduced fixes for 2 crucial and 6 high-severity vulnerabilities that could possibly be exploited for authentication bypass, distant code execution, privilege escalation, and knowledge disclosure.
One of many crucial bugs, tracked as CVE-2026-20160, impacts Cisco Sensible Software program Supervisor On-Prem (SSM On-Prem) and will permit attackers to abuse an erroneously uncovered inner service to execute arbitrary instructions.
“An attacker might exploit this vulnerability by sending a crafted request to the API of the uncovered service. A profitable exploit might permit the attacker to execute instructions on the underlying working system with root-level privileges,” Cisco says.
The second crucial flaw is CVE-2026-20093, an authentication bypass difficulty rooted within the incorrect dealing with of password change requests.
An unauthenticated attacker might ship crafted HTTP requests to a susceptible machine and modify consumer passwords, together with these of directors. The attacker might then entry the system as an administrator.
On Wednesday, Cisco patched a high-severity defect in Developed Programmable Community Supervisor (EPNM) that might permit attackers to entry delicate data, and one other in SSM On-Prem that could possibly be exploited for privilege escalation.
The corporate additionally rolled out fixes for 4 Built-in Administration Controller (IMC) vulnerabilities that could possibly be exploited to execute arbitrary instructions and achieve root privileges. All flaws exist as a result of user-supplied enter shouldn’t be correctly validated on IMC’s web-based administration interface.
In keeping with Cisco, greater than two dozen enterprise networking merchandise are impacted by the 4 safety defects, together with UCS C-series and E-series servers, in addition to home equipment which are based mostly on them.
Cisco says it’s not conscious of any of those vulnerabilities being exploited within the wild. Further data will be discovered on the corporate’s safety advisories web page.
Associated: Exploited Zero-Day Amongst 21 Vulnerabilities Patched in Chrome
Associated: TP-Hyperlink Patches Excessive-Severity Router Vulnerabilities
Associated: BIND Updates Patch Excessive-Severity Vulnerabilities
Associated: Cisco Patches A number of Vulnerabilities in IOS Software program
