Critical Cisco IMC Authentication Bypass Allows Admin Access
**Cisco** has released a flurry of security updates addressing critical and high-severity vulnerabilities. Among the most pressing is an authentication bypass in the Integrated Management Controller (IMC) that could grant attackers administrative access.

**Cisco** has issued security patches to remediate multiple critical and high-severity vulnerabilities, including a concerning authentication bypass within its Integrated Management Controller (IMC). This flaw could allow malicious actors to gain administrative privileges on affected systems.
### Cisco IMC Authentication Bypass (CVE-2026-20093)
The **Cisco** IMC, also known as CIMC, is a hardware module embedded on the motherboard of **Cisco** servers. It provides out-of-band management capabilities for UCS C-Series and E-Series servers, even when the operating system is offline or has crashed. Access is provided through various interfaces, including XML API, web (WebUI), and command-line (CLI).
The vulnerability, tracked as [CVE-2026-20093](https://nvd.nist.gov/vuln/detail/CVE-2026-20093), resides in the **Cisco** IMC password change functionality. An unauthenticated, remote attacker can exploit this flaw to bypass authentication and gain administrative access to unpatched systems.
"This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device," **Cisco** explained in its [security advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn).
A successful exploit could allow an attacker to bypass authentication, modify the passwords of any user on the system (including the administrator), and gain access with that user's privileges.
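The advisory describes the root cause only as "incorrect handling of password change requests", and the actual IMC code is not public, so the following is an added, constructed illustration of the vulnerability class rather than Cisco's implementation or the specific flaw. It contrasts a password-change handler that trusts the user name in the request body (the pattern that lets an unauthenticated caller reset any account, including the administrator) with a hardened handler that binds the change to a validated session, requires the current password, and restricts changes to other accounts to administrators. All users, passwords and session tokens are constructed for the demo.

```python
"""Constructed example (not Cisco code): why a password-change endpoint must
enforce authentication *and* authorization before touching any account."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the demo self-contained; a real deployment would use a
    # dedicated password hash such as argon2 or bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    is_admin: bool = False


class Store:
    """In-memory user and session store (constructed for the example)."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, str] = {}  # session token -> user name

    def add_user(self, name: str, password: str, is_admin: bool = False) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, salt, _hash(password, salt), is_admin)

    def verify(self, name: str, password: str) -> bool:
        user = self.users.get(name)
        if user is None:
            return False
        return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))

    def login(self, name: str, password: str) -> Optional[str]:
        if not self.verify(name, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = name
        return token


def change_password_vulnerable(store: Store, request: dict) -> bool:
    """Flawed pattern: the target account comes straight from the request body
    and nothing ties the call to an authenticated caller. Anyone who can reach
    the endpoint can reset the administrator's password."""
    user = store.users.get(request.get("user", ""))
    if user is None:
        return False
    user.salt = os.urandom(16)
    user.pw_hash = _hash(request.get("new_password", ""), user.salt)
    return True


def change_password_hardened(store: Store, token: Optional[str], request: dict) -> bool:
    """Hardened pattern: identity comes from the session, not the request."""
    actor_name = store.sessions.get(token or "")
    if actor_name is None:
        return False  # 1. the caller must be authenticated
    actor = store.users[actor_name]
    target_name = request.get("user", actor_name)
    target = store.users.get(target_name)
    if target is None:
        return False
    if target is not actor and not actor.is_admin:
        return False  # 2. only administrators may change other accounts
    if target is actor and not store.verify(actor_name, request.get("current_password", "")):
        return False  # 3. self-service changes re-prove the current password
    new_password = request.get("new_password", "")
    if len(new_password) < 12:
        return False  # 4. reject trivially weak replacements
    target.salt = os.urandom(16)
    target.pw_hash = _hash(new_password, target.salt)
    # 5. revoke the target's other sessions so a stolen session dies with it
    for tok, name in list(store.sessions.items()):
        if name == target_name and tok != token:
            del store.sessions[tok]
    return True


def demo() -> dict:
    """Runs both handlers against a constructed store and reports outcomes."""
    store = Store()
    store.add_user("admin", "admin-initial-pass-01", is_admin=True)
    store.add_user("operator", "operator-initial-01")
    results = {}
    # Unauthenticated request against the flawed handler: admin reset succeeds.
    results["vuln_unauth_admin_reset"] = change_password_vulnerable(
        store, {"user": "admin", "new_password": "attacker-chosen-pw"})
    results["vuln_admin_now_attacker_pw"] = store.verify("admin", "attacker-chosen-pw")
    # Same request against the hardened handler with no session: refused.
    results["hard_unauth_refused"] = not change_password_hardened(
        store, None, {"user": "admin", "new_password": "attacker-chosen-pw-2"})
    # Operator may change only their own password, and must know the current one.
    op_tok = store.login("operator", "operator-initial-01")
    results["hard_operator_cannot_touch_admin"] = not change_password_hardened(
        store, op_tok, {"user": "admin", "new_password": "operator-tries-admin"})
    results["hard_operator_wrong_current"] = not change_password_hardened(
        store, op_tok, {"current_password": "wrong", "new_password": "operator-rotated-01"})
    results["hard_operator_self_change"] = change_password_hardened(
        store, op_tok, {"current_password": "operator-initial-01",
                        "new_password": "operator-rotated-01"})
    # Administrator may reset another account without that user's password.
    adm_tok = store.login("admin", "attacker-chosen-pw")
    results["hard_admin_resets_operator"] = change_password_hardened(
        store, adm_tok, {"user": "operator", "new_password": "operator-reset-by-admin"})
    results["operator_old_session_revoked"] = op_tok not in store.sessions
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The checks that matter for this bug class are the first two in the hardened handler: the acting identity must come from a validated session rather than from an attacker-controlled field, and changing another account must be an explicit administrative privilege. Everything else (current-password proof, session revocation) limits the blast radius if a session is stolen.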
### Immediate Patching Advised
While the **Cisco** Product Security Incident Response Team (PSIRT) has not yet observed exploitation in the wild or the existence of proof-of-concept exploit code, the company "strongly recommends that customers upgrade to the fixed software." No workarounds are available to temporarily mitigate this vulnerability.
### Other Recent Cisco Vulnerabilities
This week, **Cisco** also released patches for a critical Smart Software Manager On-Prem (SSM On-Prem) vulnerability ([CVE-2026-20160](https://nvd.nist.gov/vuln/detail/CVE-2026-20160)). Successful exploitation could lead to remote code execution (RCE) on vulnerable SSM On-Prem hosts without requiring any privileges.
Attackers can exploit CVE-2026-20160 by sending a crafted request to the exposed service's API, allowing them to execute commands on the underlying OS with root-level privileges.
Earlier this month, **Cisco** patched a maximum-severity RCE vulnerability (CVE-2026-20131) in the Secure Firewall Management Center (FMC). The **Interlock** ransomware gang exploited this vulnerability [in zero-day attacks](https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/). The Cybersecurity and Infrastructure Security Agency (**CISA**) [added CVE-2026-20131](https://www.cisa.gov/news-events/alerts/2026/03/19/cisa-adds-one-known-exploited-vulnerability-catalog) to its catalog of known exploited vulnerabilities, [ordering federal agencies to secure their systems](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20131) within three days.
Recent reports also indicate that **Cisco's** internal development environment was breached using credentials stolen during the recent [**Trivy** supply chain attack](https://www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/).