Alert GCSA-26054 - Vulnerabilita' critiche in prodotti Cisco

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** alert ID: GCSA-26054 data: 03 aprile 2026 titolo: Vulnerabilita' critiche in prodotti Cisco ****************************************************************** :: Descrizione del problema Cisco ha pubblicato alcuni avvisi di sicurezza, con i quali vengono risolte due vulnerabilita' critiche e sei vulnerabilita' di gravita' elevata. Maggiori informazioni sono disponibili alla sezione "Riferimenti". :: Apparati interessati Cisco IMC (Integrated Management Controller) Cisco SSM (Smart Software Manager) On-Prem Cisco Evolved Programmable Network Manager (EPNM) Cisco Nexus Dashboard Cisco Nexus Dashboard Insights Cisco NFVIS Per una descrizione completa dei dispositivi interessati, si prega di fare riferimento ai Security Advisories ufficiali. :: Impatto Esecuzione remota di codice arbitrario (RCE) Accesso a dati riservati (ID) Bypass delle funzionalita' di sicurezza (SFB) Acquisizione di privilegi piu' elevati (EoP) :: Soluzioni Si consiglia di valutare l'impatto delle vulnerabilita' sui dispositivi in uso, e di aggiornare il prima possibile. E' possibile utilizzare Cisco Software Checker https://sec.cloudapps.cisco.com/security/center/softwarechecker.x per determinare il patching appropriato. Prima dell'installazione del software consultare il sito del fornitore per maggiori dettagli. :: Riferimenti Cisco Security Advisories https://sec.cloudapps.cisco.com/security/center/publicationListing.x https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cmdinj-UvYZrKfr https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 MS-ISAC CYBERSECURITY ADVISORY https://learn.cisecurity.org/webmail/799323/2666072974/b0da4c3d29c6aa08cc5c89da3a6ad661445bd5c6b4a99d0ce3262f5ec256d14f Bleeping Computer https://www.bleepingcomputer.com/news/security/critical-cisco-imc-auth-bypass-gives-attackers-admin-access/ SecurityWeek https://www.securityweek.com/cisco-patches-critical-and-high-severity-vulnerabilities/ The Hacker News https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html Mitre CVE https://www.cve.org/CVERecord?id=CVE-2026-20160 https://www.cve.org/CVERecord?id=CVE-2026-20093 https://www.cve.org/CVERecord?id=CVE-2026-20085 https://www.cve.org/CVERecord?id=CVE-2026-20087 https://www.cve.org/CVERecord?id=CVE-2026-20088 https://www.cve.org/CVERecord?id=CVE-2026-20089 https://www.cve.org/CVERecord?id=CVE-2026-20090 https://www.cve.org/CVERecord?id=CVE-2026-20094 https://www.cve.org/CVERecord?id=CVE-2026-20095 https://www.cve.org/CVERecord?id=CVE-2026-20096 https://www.cve.org/CVERecord?id=CVE-2026-20097 https://www.cve.org/CVERecord?id=CVE-2026-20151 https://www.cve.org/CVERecord?id=CVE-2024-20432 https://www.cve.org/CVERecord?id=CVE-2026-20042 https://www.cve.org/CVERecord?id=CVE-2026-20041 https://www.cve.org/CVERecord?id=CVE-2026-20174 https://www.cve.org/CVERecord?id=CVE-2026-20155 GARR CERT Security Alert - subscribe/unsubscribe: https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCac/oigAKCRDBnEyTZRJg Qk8zAJ9WhxfQaHr3s1iWay49c4YLrvqqqwCgqvj74q9kHydLTkxoUYhvqSW+l0Y= =UHOX -----END PGP SIGNATURE-----