Summary
Cisco patched a critical authentication bypass (CVE-2026-20093) in its Integrated Management Controller that allows unauthenticated attackers to gain Admin access by changing passwords via crafted HTTP requests.
Take Action:
If your organization is running Cisco FMC on-premises, SSM On-Prem, or UCS servers with exposed IMC interfaces, treat this as urgent and critical. Your immediate first step must be to ensure that the web and management interfaces for all of these devices are strictly isolated and accessible only from highly trusted internal networks. Even if you have them isolated, threat actors will weaponize these flaws and look for a way in.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines