"An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
"An unauthenticated attacker could send crafted HTTP requests to a vulnerable device and modify user passwords, including those of administrators. The attacker could then access the system as an administrator."
"Cisco patched a high-severity defect in Evolved Programmable Network Manager that could allow attackers to access sensitive information, and another in SSM On-Prem that could be exploited for privilege escalation."
"More than two dozen enterprise networking products are impacted by the four security defects, including UCS C-series and E-series servers, as well as appliances that are based on them."
Cisco announced fixes for two critical vulnerabilities and six high-severity vulnerabilities that could lead to authentication bypass, remote code execution, privilege escalation, and information disclosure. The critical vulnerabilities include CVE-2026-20160, which allows arbitrary command execution via an exposed internal service, and CVE-2026-20093, which enables unauthenticated password changes. Additional high-severity flaws were patched in Evolved Programmable Network Manager and Integrated Management Controller, affecting over two dozen enterprise networking products. Cisco is not aware of any exploitation of these vulnerabilities in the wild.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]