Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication

Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates.

The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest level of severity.

This security weakness is located in the password change functionality of the Cisco IMC software. The core issue stems from the system’s incorrect processing of incoming password change requests.

By exploiting this flaw, a remote, unauthenticated attacker can send a maliciously crafted HTTP request directly to an affected device.

If the exploit is successful, the attacker can completely bypass standard authentication checks. Once authentication is bypassed, the attacker can modify the passwords of any existing user on the system.

This includes the primary Admin account, which essentially allows the attacker to hijack the system and gain full administrative access as that user.

Affected Systems and Hardware

The vulnerability impacts several Cisco hardware products if they are running a vulnerable release of the Cisco IMC software.

The affected standalone products include:

• 5000 Series Enterprise Network Compute Systems (ENCS)
• Catalyst 8300 Series Edge uCPE
• UCS C-Series M5 and M6 Rack Servers (in standalone mode)
• UCS E-Series Servers M3 and M6

Furthermore, numerous Cisco appliances that rely on preconfigured versions of the affected UCS C-Series Servers are also at risk. If these appliances expose the Cisco IMC user interface, they are vulnerable.

This extensive list includes Application Policy Infrastructure Controller (APIC) Servers, Catalyst Center Appliances, Secure Firewall Management Center Appliances, and Secure Network Analytics Appliances.

Cisco has confirmed that certain newer and differently configured products, such as UCS B-Series Blade Servers, UCS X-Series Modular Systems, and UCS C-Series M7 and M8 Rack Servers, remain unaffected by this flaw.

Currently, no temporary workarounds or mitigations are available to block this vulnerability. The only effective solution is to apply the official software updates provided by Cisco.

Administrators are strongly urged to immediately upgrade their affected systems to the fixed software releases.

The update process varies by device; for instance, upgrading the IMC on 5000 Series ENCS and Catalyst 8300 Series requires upgrading the underlying Cisco Enterprise NFV Infrastructure Software (NFVIS).

For standalone servers, administrators can typically use the Cisco Host Upgrade Utility (HUU) to install the fixed IMC releases.

Cisco has credited a security researcher for reporting the flaw and noted that there is currently no evidence of active exploitation or public announcements regarding malicious use of this vulnerability.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.