{"id":479,"date":"2026-04-02T16:38:10","date_gmt":"2026-04-02T16:38:10","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=479"},"modified":"2026-04-02T16:38:10","modified_gmt":"2026-04-02T16:38:10","slug":"cisco-patches-9-8-cvss-imc-and-ssm-flaws-allowing-remote-system-compromise","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=479","title":{"rendered":"Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Apr 02, 2026<\/span><\/span>Network Security \/ Vulnerability<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

Cisco\u00a0has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.<\/p>\n

The\u00a0vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8\u00a0out of a maximum of\u00a010.0.<\/p>\n

\u00abThis vulnerability is due to incorrect handling of password change requests,\u00bb\u00a0Cisco said<\/a> in an advisory released Wednesday. \u00abAn attacker could exploit this vulnerability by sending a crafted HTTP request to an affected\u00a0device.\u00bb<\/p>\n

\u00abA successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that\u00a0user.\u00bb<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

Security researcher \u00abjyh\u00bb has been credited with discovering and reporting the vulnerability. The\u00a0shortcoming affects the following products regardless of the device configuration\u00a0–\u00a0<\/p>\n