Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

cisco-sa-cimc-cmd-inj-3hKN3bVt · High · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privileges to root. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2026-20094, CVE-2026-20095, CVE-2026-20096, CVE-2026-20097
Cisco Bug IDs: CSCwr60021, CSCws00363, CSCwr60889, CSCws00368, CSCws00370, CSCwr60894, CSCws00376, CSCws00378, CSCwr60925
CVSS Score: Base 8.8
Base 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Computing System (Standalone), Cisco Unified Computing System E-Series Software (UCSE), Cisco Enterprise NFV Infrastructure Software

Related Products

Product | CVE | Evidence
Cisco Unified Computing System E-Series Software (UCSE) | CVE-2026-20097 | Cisco OpenVuln
Cisco Unified Computing System E-Series Software (UCSE) | CVE-2026-20096 | Cisco OpenVuln
Cisco Unified Computing System E-Series Software (UCSE) | CVE-2026-20095 | Cisco OpenVuln
Cisco Unified Computing System E-Series Software (UCSE) | CVE-2026-20094 | Cisco OpenVuln
Cisco Unified Computing System (Standalone) | CVE-2026-20097 | Cisco OpenVuln
Cisco Unified Computing System (Standalone) | CVE-2026-20096 | Cisco OpenVuln
Cisco Unified Computing System (Standalone) | CVE-2026-20095 | Cisco OpenVuln
Cisco Unified Computing System (Standalone) | CVE-2026-20094 | Cisco OpenVuln
Cisco Enterprise NFV Infrastructure Software | CVE-2026-20097 | Cisco OpenVuln
Cisco Enterprise NFV Infrastructure Software | CVE-2026-20096 | Cisco OpenVuln
Cisco Enterprise NFV Infrastructure Software | CVE-2026-20095 | Cisco OpenVuln
Cisco Enterprise NFV Infrastructure Software | CVE-2026-20094 | Cisco OpenVuln