Cisco Unified Computing System E-Series Software vulnerabilities

CVE-2026-20093 [CRITICAL] CWE-20 CVE-2026-20093: A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a

CVE-2026-20094 [HIGH] CWE-77 CVE-2026-20094: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vu

CVE-2026-20085 [MEDIUM] CWE-79 CVE-2026-20085: A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, r A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a

CVE-2026-20096 [MEDIUM] CWE-77 CVE-2026-20096: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi

CVE-2026-20090 [MEDIUM] CWE-79 CVE-2026-20090: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff

CVE-2026-20095 [MEDIUM] CWE-77 CVE-2026-20095: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit thi

CVE-2026-20087 [MEDIUM] CWE-79 CVE-2026-20087: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff

CVE-2026-20088 [MEDIUM] CWE-79 CVE-2026-20088: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff

CVE-2026-20089 [MEDIUM] CWE-79 CVE-2026-20089: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, rem A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an aff

CVE-2025-20317 [HIGH] CWE-601 CVE-2025-20317: A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading

CVE-2025-20342 [MEDIUM] CWE-80 CVE-2025-20342: A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied

CVE-2024-20356 [HIGH] CWE-78 CVE-2024-20356: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attac

CVE-2024-20295 [HIGH] CWE-78 CVE-2024-20295: A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authen A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability

CVE-2023-20228 [MEDIUM] CWE-80 CVE-2023-20228: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persua

CVE-2019-1865 [HIGH] CWE-78 CVE-2019-1865: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An atta

CVE-2019-1634 [HIGH] CWE-78 CVE-2019-1634: A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Manageme A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied comman

CVE-2019-1883 [HIGH] CWE-78 CVE-2019-1883: A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An atta

CVE-2019-1896 [HIGH] CWE-78 CVE-2019-1896: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input in the Certificate Signing Request (CSR) function of the web-based managemen

CVE-2019-1863 [HIGH] CWE-285 CVE-2019-1863: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP r

CVE-2019-1864 [HIGH] CWE-78 CVE-2019-1864: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker c