CVE-2026-20093
Authentication Bypass in Cisco IMC Password Change Functionality
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | integrated_management_controller | * |
| cisco | enterprise_nfv_infrastructure_software | * |
| cisco | ucs_c_series_m5_rack_servers | 4.3(2.260007) |
| cisco | ucs_c_series_m6_rack_servers | 4.3(6.260017) |
| cisco | ucs_e_series_m3 | * |
| cisco | ucs_e_series_m6 | 4.15.3 |
| cisco | telemetry_broker_appliances | * |
| cisco | iec6400_edge_compute_appliances | * |
| cisco | secure_endpoint_private_cloud_appliances | 4.2.5 |
| cisco | secure_firewall_management_center_appliances | * |
| cisco | secure_malware_analytics_appliances | * |
| cisco | secure_network_analytics_appliances | * |
| cisco | secure_network_server_appliances | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20093 is a critical vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC). It allows an unauthenticated, remote attacker to bypass authentication by sending a specially crafted HTTP request to the affected device.
This flaw occurs due to incorrect handling of password change requests, enabling the attacker to change any user's password, including the Admin account, and gain administrative access to the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or crafted HTTP requests targeting the Cisco Integrated Management Controller (IMC) change password functionality, as the exploit involves sending specially crafted HTTP requests to bypass authentication.
Since the vulnerability involves HTTP requests to the IMC interface, network administrators can use network traffic analysis tools or intrusion detection systems to look for suspicious HTTP POST or GET requests that attempt to change passwords without proper authentication.
Specific commands are not provided in the available resources, but general approaches include:
- Using packet capture tools like tcpdump or Wireshark to filter HTTP traffic to the IMC management IP address and inspect for abnormal password change requests.
- Using curl or similar HTTP clients to test the IMC interface for unauthorized password change attempts (only in a controlled, authorized environment).
- Checking system logs on the IMC device for any unauthorized password change attempts or authentication bypass events.
Cisco does not provide specific detection commands or signatures for this vulnerability in the provided resources. The recommended mitigation is to upgrade to fixed software releases as no workarounds or detection commands are detailed.
How can this vulnerability impact me? :
Exploitation of this vulnerability can have severe impacts, including unauthorized administrative access to the affected system.
- An attacker can bypass authentication without any privileges.
- The attacker can change passwords of any user, including the Admin user.
- Gaining admin access allows the attacker to control the system, potentially leading to data breaches, system manipulation, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability. Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.
- For 5000 Series ENCS and Catalyst 8300 Series Edge uCPE, upgrade Cisco Enterprise NFV Infrastructure Software (NFVIS) to at least 4.15.5 (ENCS) or 4.18.3 (Catalyst 8300).
- For UCS C-Series M5 and M6 Rack Servers, upgrade Cisco IMC to versions 4.3(2.260007) and 4.3(6.260017), respectively.
- For UCS E-Series M3 and M6, upgrade Cisco IMC to versions 3.2.17 and 4.15.3, respectively.
- For Cisco appliances based on UCS C-Series Servers, apply direct Cisco IMC upgrades to fixed releases or specific remediation steps such as firmware updates, hotfixes, BIOS and HUU upgrades depending on the appliance.
- Examples of specific remediation steps include firmware updates for Cisco Telemetry Broker Appliances, HUU upgrades for IEC6400 Edge Compute Appliances, and hotfixes or patches for Secure Endpoint Private Cloud Appliances, Secure Firewall Management Center Appliances, Secure Malware Analytics Appliances, Secure Network Analytics Appliances, and Secure Network Server Appliances.
Customers should consult Ciscoβs advisory and use the Cisco Host Upgrade Utility (HUU) and related documentation for support and upgrade instructions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an unauthenticated remote attacker to bypass authentication and gain administrative access to affected Cisco IMC systems by changing any user's password, including the Admin account.
Such unauthorized access could lead to compromise of sensitive data, disruption of system integrity, and unauthorized control over critical infrastructure, which may result in non-compliance with data protection and security standards such as GDPR and HIPAA.
Organizations relying on affected Cisco IMC devices could face increased risk of data breaches or unauthorized data access, potentially violating regulatory requirements for protecting personal and health information.
No specific compliance impact statements are provided in the available resources, but the critical nature of the vulnerability (CVSS 9.8) and its ability to grant administrative access imply significant compliance risks if exploited.