Critical Vulnerabilities in Cisco Products
6 April 2026
Cisco has released security updates to address multiple security vulnerabilities in their products. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Cisco has released security updates to address security vulnerabilities in Cisco Integrated Management Controller (IMC) (CVE-2026-20093) and Cisco Smart Software Manager On-Prem (SSM On-Prem) (CVE-2026-20160). Both vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of the vulnerabilities could lead to the following:
CVE-2026-20093: Successful exploitation of this authentication bypass vulnerability in Cisco IMC could allow an unauthenticated remote attacker to bypass authentication by sending crafted HTTP requests. This could enable the attacker to alter the passwords of any user, including admin accounts, and gain elevated access to the system.
CVE-2026-20160: Successful exploitation of this vulnerability in Cisco SSM On-Prem could allow an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root-level privileges. The flaw arises from unintentional exposure of an internal service, which can be abused via crafted API requests.
Affected Products
The following product versions are affected by the vulnerabilities.
For CVE-2026-20093:
Cisco 5000 Series Enterprise Network Compute Systems versions prior to 4.15.5
Cisco Catalyst 8300 Series Edge uCPE versions prior to 4.18.3
Cisco UCS C-Series M5 and M6 Rack Servers versions prior to 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
Cisco UCS E-Series Servers M3 versions prior to 3.2.17
Cisco UCS E-Series Servers M6 versions prior to 4.15.3
For CVE-2026-20160:
Cisco SSM On-Prem Release versions prior to 9-202601
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
For additional details and guidance, please refer to Cisco’s official advisories for CVE-2026-20093 and CVE-2026-20160.
References
https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html
