{"id":231277,"date":"2026-04-02T13:10:00","date_gmt":"2026-04-02T17:10:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/02\/cisco-fixed-critical-and-high-severity-flaws\/"},"modified":"2026-04-04T21:25:14","modified_gmt":"2026-04-05T01:25:14","slug":"cisco-fixed-critical-and-high-severity-flaws","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/02\/cisco-fixed-critical-and-high-severity-flaws\/","title":{"rendered":"Cisco fixed critical and high-severity flaws"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/190295\/security\/cisco-fixed-critical-and-high-severity-flaws.html\">Cisco fixed critical and high-severity flaws<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/190295\/security\/cisco-fixed-critical-and-high-severity-flaws.html\">https:\/\/securityaffairs.com\/190295\/security\/cisco-fixed-critical-and-high-severity-flaws.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-02 13:10:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Cisco fixed critical and high-severity flaws<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> April 02, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2014\/07\/cisco-building.jpg?fit=680%2C400&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data.<\/h2>\n<p>Cisco released patches for two critical and six high-severity vulnerabilities. 
These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information.<\/p>\n<p>One of these critical flaws is CVE-2026-20093 (CVSS score of 9.8), a flaw in Cisco IMC that lets a remote attacker bypass authentication via a crafted HTTP request. An attacker could change user passwords, including admin, and gain full system access.<\/p>\n<p>Cisco Integrated Management Controller (IMC) is a built-in management system used on Cisco servers. IMC lets administrators control and monitor a server remotely, even if the operating system is off or not working.<\/p>\n<p>Cisco also patched a critical SSM On-Prem flaw, tracked as CVE-2026-20160 (CVSS score of 9.8), that allowed unauthenticated attackers to run commands on the host OS with root privileges via a crafted API request.<\/p>\n<p>Cisco\u2019s PSIRT is not aware of exploits or proof-of-concept code for these vulnerabilities; however, the networking giant strongly advises customers to update to the patched software.<\/p>\n<p>In March, the company fixed a critical RCE zero-day, tracked as CVE-2026-20131 (CVSS score of 10.0), in Secure Firewall FMC, exploited by Interlock ransomware. US CISA ordered federal agencies to patch within three days. The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0the flaw to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p><strong>Pierluigi\u00a0Paganini<\/strong><strong\/><\/p>\n<p><strong>(<\/strong><strong>SecurityAffairs<\/strong><strong>\u00a0\u2013\u00a0hacking,\u00a0CIMC)<\/strong><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/190295\/security\/cisco-fixed-critical-and-high-severity-flaws.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco fixed critical and high-severity flaws https:\/\/securityaffairs.com\/190295\/security\/cisco-fixed-critical-and-high-severity-flaws.html Publish Date: 2026-04-02 13:10:00 Source Domain: securityaffairs.com Cisco&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231278,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2014\/07\/cisco-building.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-231277","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231277"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231277"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.
php\/wp-json\/wp\/v2\/posts\/231277\/revisions"}],"predecessor-version":[{"id":231279,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231277\/revisions\/231279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/231278"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}