Cisco Integrated Management Controller vulnerabilities

CVE-2021-1397 [MEDIUM] CWE-601 CVE-2021-1397: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuadin

CVE-2020-3470 [CRITICAL] CWE-119 CVE-2020-3470: Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP

CVE-2020-3371 [HIGH] CWE-78 CVE-2020-3371: A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authent A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to

CVE-2014-3348 [MEDIUM] CWE-20 CVE-2014-3348: The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

CVE-2026-20090 Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities CVE-2026-20090: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-79, CWE-79 Bug IDs:

CVE-2026-20085 Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities CVE-2026-20085: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-79, CWE-79 Bug IDs:

CVE-2026-20095 Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities CVE-2026-20095: Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privile

CVE-2018-0431 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2018-0431: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected so

CVE-2019-1629 Cisco Integrated Management Controller Arbitrary File Write Vulnerability CVE-2019-1629: Cisco Integrated Management Controller Arbitrary File Write Vulnerability A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vu

CVE-2019-1634 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2019-1634: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validat

CVE-2021-34736 Cisco Integrated Management Controller GUI Denial of Service Vulnerability CVE-2021-34736: Cisco Integrated Management Controller GUI Denial of Service Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management inter

CVE-2019-1885 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2019-1885: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attack

CVE-2019-1864 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2019-1864: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affec

CVE-2017-6616 Cisco Integrated Management Controller Remote Code Execution Vulnerability CVE-2017-6616: Cisco Integrated Management Controller Remote Code Execution Vulnerability A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are rece

CVE-2015-6399 Cisco Integrated Management Controller Denial of Service Vulnerability CVE-2015-6399: Cisco Integrated Management Controller Denial of Service Vulnerability A vulnerability in Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to make the IMC IP interface inaccessible. The vulnerability is due to incomplete sanitization of input for certain parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the IMC.

CVE-2026-20094 Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities CVE-2026-20094: Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privile

CVE-2018-0430 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2018-0430: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected so

CVE-2019-1908 Cisco Integrated Management Controller Information Disclosure Vulnerability CVE-2019-1908: Cisco Integrated Management Controller Information Disclosure Vulnerability A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A

CVE-2026-20096 Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities CVE-2026-20096: Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privile

CVE-2019-1879 Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2019-1879: Cisco Integrated Management Controller CLI Command Injection Vulnerability A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability