Cisco Integrated Management Controller vulnerabilities

CVE-2026-20097 Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities CVE-2026-20097: Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privile

CVE-2026-20087 Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities CVE-2026-20087: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-79, CWE-79 Bug IDs:

CVE-2026-20089 Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities CVE-2026-20089: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-79, CWE-79 Bug IDs:

CVE-2024-20295 Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection Vulnerability A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root . To exploit this vulnerability, the attacker must have read-only or higher privileges on an

CVE-2019-1627 Cisco Integrated Management Controller Information Disclosure Vulnerability CVE-2019-1627: Cisco Integrated Management Controller Information Disclosure Vulnerability A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data

CVE-2017-6618 Cisco Integrated Management Controller Cross-Site Scripting Vulnerability CVE-2017-6618: Cisco Integrated Management Controller Cross-Site Scripting Vulnerability A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successful exploit could allow

CVE-2026-20088 Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities CVE-2026-20088: Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-79, CWE-79 Bug IDs:

CVE-2019-1628 Cisco Integrated Management Controller Denial of Service Vulnerability CVE-2019-1628: Cisco Integrated Management Controller Denial of Service Vulnerability A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by

CVE-2023-20228 Cisco Integrated Management Controller Cross-Site Scripting Vulnerability CVE-2023-20228: Cisco Integrated Management Controller Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could explo

CVE-2019-1631 Cisco Integrated Management Controller Information Disclosure Vulnerability CVE-2019-1631: Cisco Integrated Management Controller Information Disclosure Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnera

CVE-2019-1883 Cisco Integrated Management Controller CLI Command Injection Vulnerability CVE-2019-1883: Cisco Integrated Management Controller CLI Command Injection Vulnerability A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on

CVE-2019-1865 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2019-1865: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the

CVE-2025-20261 Cisco Integrated Management Controller Privilege Escalation Vulnerability CVE-2025-20261: Cisco Integrated Management Controller Privilege Escalation Vulnerability A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restric

CVE-2017-6619 Cisco Integrated Management Controller Privilege Escalation Vulnerability CVE-2017-6619: Cisco Integrated Management Controller Privilege Escalation Vulnerability A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HT

CVE-2019-1632 Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability CVE-2019-1632: Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protection

CVE-2019-1863 Cisco Integrated Management Controller Privilege Escalation Vulnerability CVE-2019-1863: Cisco Integrated Management Controller Privilege Escalation Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerabi

CVE-2019-1871 Cisco Integrated Management Controller Buffer Overflow Vulnerability CVE-2019-1871: Cisco Integrated Management Controller Buffer Overflow Vulnerability A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with root privileges on an affected device. The vulnerability is due to improper bounds checking by

CVE-2026-20093 Cisco Integrated Management Controller Authentication Bypass Vulnerability CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin . This vulnerability is due to incorrect handling of password change requests. An attacker could exploit t

CVE-2019-1630 Cisco Integrated Management Controller Denial of Service Vulnerability CVE-2019-1630: Cisco Integrated Management Controller Denial of Service Vulnerability A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit thi

CVE-2019-1850 Cisco Integrated Management Controller Command Injection Vulnerability CVE-2019-1850: Cisco Integrated Management Controller Command Injection Vulnerability A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The