Cisco patches partly critical vulnerabilities in several products

On Wednesday, Cisco issued nine security advisories. They address partly critical vulnerabilities in several products.


On Wednesday this week, network equipment supplier Cisco published nine security advisories. Some of them address critical vulnerabilities in several of the company's products. Admins should promptly apply available updates.

In Cisco's Smart Software Manager On-Prem (SSM On-Prem), unauthenticated attackers from the network can inject and execute arbitrary commands in the host's operating system. The cause is an unintentionally externally accessible service. By sending manipulated packets to the service's API, attackers can execute commands as root (CVE-2026-20160, CVSS 9.8, Risk “critical”). Furthermore, in Cisco's Integrated Management Controller (IMC), authentication can be bypassed. This is due to unspecified errors in processing password change requests. Malicious actors can exploit this with carefully crafted HTTP requests without prior authentication to change passwords of any user, including “Admin,” thereby gaining access (CVE-2026-20093, CVSS 9.8, Risk “critical”).

The web-based management interface of Cisco's IMC also has several other vulnerabilities that allow authenticated attackers from the network to execute arbitrary code or inject commands into the operating system, as well as escalate privileges to root (CVE-2026-20094, CVSS 8.8, Risk “high”; CVE-2026-20095, CVE-2026-20096, CVE-2026-20097, all CVSS 6.5, Risk “medium”). In the web-based management interface of Cisco's Evolved Programmable Network Manager (EPNM), a REST API endpoint does not correctly check authorization. This allows authenticated users from the network to gain unauthorized access to sensitive information (CVE-2026-20155, CVSS 8.0, Risk “high”). Cisco's SSM On-Prem web interface also has a privilege escalation vulnerability. Authenticated users can send manipulated messages to vulnerable SSM On-Prem systems and thereby obtain session credentials in subsequent status messages; if the attack succeeds, attackers gain administrative privileges (CVE-2026-20151, CVSS 7.3, Risk “high”).

Additionally, Cisco warns of four other security flaws:


None of the newly reported vulnerabilities are being exploited yet, the network equipment supplier adds in its security advisories.

Cisco recently allegedly became the victim of a cyberattack. According to reports, criminals were able to access source code from the development department. This was possible due to a supply chain attack on the Python library LiteLLM from the PyPI package management system.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.