Cisco Unified Computing System vulnerabilities
63 known vulnerabilities affecting cisco/cisco_unified_computing_system.
Total CVEs: 63
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 20, MEDIUM 40, LOW 1
Vulnerabilities
Page 1 of 4
CVE-2026-20093 | CRITICAL | CVSS 9.8 | CWE-20 | v4.0(2g), v3.1(2i) +139 more | 2026-04-01
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a
cvelistv5, nvd
CVE-2026-20094 | HIGH | CVSS 8.8 | CWE-77 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vu
cvelistv5, nvd
CVE-2026-20097 | MEDIUM | CVSS 6.5 | CWE-787 | v4.0(2g), v3.1(2i) +142 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending
cvelistv5, nvd
CVE-2026-20085 | MEDIUM | CVSS 6.1 | CWE-79 | v4.0(2g), v3.1(2i) +142 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a
cvelistv5, nvd
CVE-2026-20096 | MEDIUM | CVSS 6.5 | CWE-77 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi
cvelistv5, nvd
CVE-2026-20090 | MEDIUM | CVSS 4.8 | CWE-79 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd
CVE-2026-20095 | MEDIUM | CVSS 6.5 | CWE-77 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi
cvelistv5, nvd
CVE-2026-20087 | MEDIUM | CVSS 4.8 | CWE-79 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd
CVE-2026-20088 | MEDIUM | CVSS 4.8 | CWE-79 | v4.0(2g), v3.1(2i) +142 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd
CVE-2026-20089 | MEDIUM | CVSS 4.8 | CWE-79 | v4.0(2g), v3.1(2i) +148 more | 2026-04-01
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff
cvelistv5, nvd
CVE-2026-20010 | HIGH | CVSS 7.4 | CWE-805 | v4.3(4e), v4.3(6b) +11 more | 2026-02-25
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly.
This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit t
cvelistv5, nvd
CVE-2026-20091 | MEDIUM | CVSS 4.8 | CWE-79 | v4.0(4h), v4.1(1a) +83 more | 2026-02-25
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interf
cvelistv5, nvd
CVE-2026-20037 | MEDIUM | CVSS 4.4 | CWE-250 | v4.0(4c), v4.0(2b) +88 more | 2026-02-25
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system.
This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by
cvelistv5, nvd
CVE-2026-20036 | MEDIUM | CVSS 6.5 | CWE-78 | v4.0(4h), v4.1(1a) +93 more | 2026-02-25
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient input validation of command arguments that are
cvelistv5, nvd
CVE-2026-20099 | MEDIUM | CVSS 6.7 | CWE-78 | v4.0(4h), v4.1(1a) +85 more | 2026-02-25
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.
This vulnerability is due to insufficient input validation of command argume
cvelistv5, nvd
CVE-2025-20317 | HIGH | CVSS 7.1 | CWE-601 | v4.0(1a), v3.2(3n) +250 more | 2025-08-27
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.
This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading
cvelistv5, nvd
CVE-2025-20290 | MEDIUM | CVSS 5.5 | CWE-200 | v4.0(4c), v4.0(2b) +84 more | 2025-08-27
A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive
cvelistv5, nvd
CVE-2025-20342 | MEDIUM | CVSS 5.4 | CWE-80 | v4.0(1a), v3.2(3n) +250 more | 2025-08-27
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied
cvelistv5, nvd
CVE-2025-20295 | MEDIUM | CVSS 6.0 | CWE-78 | v4.0(1a), v4.1(1d) +103 more | 2025-08-27
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.
This vulnerability is due to insufficient input validation of command
cvelistv5, nvd
CVE-2025-20296 | MEDIUM | CVSS 5.4 | CWE-79 | v4.0(1a), v4.1(1d) +101 more | 2025-08-27
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected syste
cvelistv5, nvd