Cisco Patches Critical Authentication Bypass Vulnerabilities in IMC and SSM
Cisco released emergency patches for two critical vulnerabilities with 9.8 CVSS scores in its Integrated Management Controller and Smart Software Manager On-Prem products that could allow unauthenticated remote attackers to gain elevated privileges or execute arbitrary commands.
Key Points
- Two critical vulnerabilities with 9.8 CVSS scores patched in Cisco IMC and SSM On-Prem
- IMC flaw allows unauthenticated remote attackers to bypass authentication and gain elevated privileges
- SSM On-Prem vulnerability enables arbitrary command execution on the underlying operating system
- Neither vulnerability has yet been observed being exploited in the wild
- Attacks possible via crafted API requests to exposed services
Full Details
Cisco has released security updates addressing two critical vulnerabilities affecting its Integrated Management Controller (IMC) and Smart Software Manager On-Prem (SSM On-Prem) products. The IMC vulnerability (CVSS 9.8) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The SSM On-Prem vulnerability (CVSS 9.8) could enable an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system by sending a crafted request to the API of the exposed service. While Cisco stated that neither vulnerability has been observed being exploited in the wild, the company noted that a number of recently disclosed security flaws in Cisco products have been weaponized by threat actors. Organizations using these products are strongly advised to apply the patches immediately given the critical severity and potential for complete system compromise.
Why It Matters
Given the critical severity and proof-of-concept availability, these vulnerabilities represent high-value targets for attackers and should be prioritized for immediate patching.