Alert GCSA-26054 - Critical vulnerabilities in Cisco products
******************************************************************
alert ID: GCSA-26054
date: 03 April 2026
title: Critical vulnerabilities in Cisco products
******************************************************************
:: Problem description
Cisco has published several security advisories that fix
two critical vulnerabilities and six high-severity vulnerabilities.
More information is available in the "References" section.
:: Affected devices
Cisco IMC (Integrated Management Controller)
Cisco SSM (Smart Software Manager) On-Prem
Cisco Evolved Programmable Network Manager (EPNM)
Cisco Nexus Dashboard
Cisco Nexus Dashboard Insights
Cisco NFVIS
For a complete description of the affected devices, please refer
to the official Security Advisories.
:: Impact
Remote arbitrary code execution (RCE)
Access to confidential data (ID)
Security feature bypass (SFB)
Elevation of privilege (EoP)
:: Solutions
We recommend assessing the impact of the vulnerabilities on the devices in use
and updating as soon as possible.
The Cisco Software Checker
https://sec.cloudapps.cisco.com/security/center/softwarechecker.x
can be used to determine the appropriate patching.
Before installing the software, consult the vendor's website for further details.
:: References
Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3
MS-ISAC CYBERSECURITY ADVISORY
https://learn.cisecurity.org/webmail/799323/2666072974/b0da4c3d29c6aa08cc5c89da3a6ad661445bd5c6b4a99d0ce3262f5ec256d14f
Bleeping Computer
https://www.bleepingcomputer.com/news/security/critical-cisco-imc-auth-bypass-gives-attackers-admin-access/
SecurityWeek
https://www.securityweek.com/cisco-patches-critical-and-high-severity-vulnerabilities/
The Hacker News
https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html
Mitre CVE
https://www.cve.org/CVERecord?id=CVE-2026-20160
https://www.cve.org/CVERecord?id=CVE-2026-20093
https://www.cve.org/CVERecord?id=CVE-2026-20085
https://www.cve.org/CVERecord?id=CVE-2026-20087
https://www.cve.org/CVERecord?id=CVE-2026-20088
https://www.cve.org/CVERecord?id=CVE-2026-20089
https://www.cve.org/CVERecord?id=CVE-2026-20090
https://www.cve.org/CVERecord?id=CVE-2026-20094
https://www.cve.org/CVERecord?id=CVE-2026-20095
https://www.cve.org/CVERecord?id=CVE-2026-20096
https://www.cve.org/CVERecord?id=CVE-2026-20097
https://www.cve.org/CVERecord?id=CVE-2026-20151
https://www.cve.org/CVERecord?id=CVE-2024-20432
https://www.cve.org/CVERecord?id=CVE-2026-20042
https://www.cve.org/CVERecord?id=CVE-2026-20041
https://www.cve.org/CVERecord?id=CVE-2026-20174
https://www.cve.org/CVERecord?id=CVE-2026-20155
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
