• Home
  • cyber
  • Cisco: Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
cyber Vulnerability

Cisco: Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass

Apr 2, 2026 2 min read
Cisco: Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass

Critical Cisco IMC Authentication Bypass Flaw Grants Full Admin Access (CVE-2026-20093)

Cisco has issued an urgent security advisory for CVE-2026-20093, a 9.8-severity authentication bypass vulnerability in its Integrated Management Controller (IMC) software. The flaw allows unauthenticated remote attackers to overwrite administrative passwords and gain full control over vulnerable Cisco servers and network appliances.

The vulnerability stems from improper handling of password change requests in the IMC software. By sending a maliciously crafted HTTP request to the management interface, attackers can alter passwords for any user including Admin accounts without prior authentication. Successful exploitation grants complete administrative privileges over affected systems.

Discovered by security researcher "jyh" and reported to Cisco’s Product Security Incident Response Team (PSIRT), the flaw has no known public exploits or active attacks at this time. However, Cisco warns that no workarounds or mitigations exist patching is the only remediation.

Affected Hardware

The vulnerability impacts a range of Cisco devices running vulnerable IMC versions, including:

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE platforms
  • UCS C-Series M5/M6 Rack Servers and UCS E-Series M3/M6 servers
  • Preconfigured network appliances exposing the IMC interface, such as:
    • Application Policy Infrastructure Controller (APIC) servers
    • Catalyst Center Appliances
    • Secure Firewall Management Center Appliances
    • Secure Network Analytics Appliances

Remediation

Cisco has released patched firmware updates for affected devices. Administrators must apply fixes via:

  • NFVIS upgrade process (for ENCS and uCPE platforms)
  • Cisco Host Upgrade Utility (HUU) (for UCS servers)
  • Out-of-band update procedures (for specific appliances)

Details on fixed versions are available in Cisco’s official advisory. Given the critical severity and lack of mitigations, immediate patching is essential to prevent unauthorized access.

Source: https://gbhackers.com/cisco-warns-of-critical-imc-vulnerability/

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

"id": "CIS1775111249",
"linkid": "cisco",
"type": "Vulnerability",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Networking and Cybersecurity',
                        'name': 'Cisco',
                        'type': 'Technology Company'},
                       {'name': '5000 Series Enterprise Network Compute '
                                'Systems (ENCS)',
                        'type': 'Hardware'},
                       {'name': 'Catalyst 8300 Series Edge uCPE platforms',
                        'type': 'Hardware'},
                       {'name': 'UCS C-Series M5/M6 Rack Servers',
                        'type': 'Hardware'},
                       {'name': 'UCS E-Series M3/M6 servers',
                        'type': 'Hardware'},
                       {'name': 'Application Policy Infrastructure Controller '
                                '(APIC) servers',
                        'type': 'Hardware'},
                       {'name': 'Catalyst Center Appliances',
                        'type': 'Hardware'},
                       {'name': 'Secure Firewall Management Center Appliances',
                        'type': 'Hardware'},
                       {'name': 'Secure Network Analytics Appliances',
                        'type': 'Hardware'}],
 'attack_vector': 'Remote',
 'description': 'Cisco has issued an urgent security advisory for '
                'CVE-2026-20093, a 9.8-severity authentication bypass '
                'vulnerability in its Integrated Management Controller (IMC) '
                'software. The flaw allows unauthenticated remote attackers to '
                'overwrite administrative passwords and gain full control over '
                'vulnerable Cisco servers and network appliances. The '
                'vulnerability stems from improper handling of password change '
                'requests in the IMC software, enabling attackers to alter '
                'passwords for any user, including Admin accounts, without '
                'prior authentication.',
 'impact': {'operational_impact': 'Complete administrative control over '
                                  'vulnerable Cisco servers and network '
                                  'appliances',
            'systems_affected': 'Full administrative privileges over affected '
                                'systems'},
 'post_incident_analysis': {'corrective_actions': 'Release of patched firmware '
                                                  'updates',
                            'root_causes': 'Improper handling of password '
                                           'change requests in the IMC '
                                           'software'},
 'recommendations': 'Immediate patching is essential to prevent unauthorized '
                    'access. Administrators must apply the latest firmware '
                    'updates provided by Cisco.',
 'references': [{'source': 'Cisco’s official advisory'}],
 'response': {'communication_strategy': 'Cisco issued an urgent security '
                                        'advisory',
              'containment_measures': 'Patching is the only remediation',
              'remediation_measures': 'Cisco has released patched firmware '
                                      'updates for affected devices. '
                                      'Administrators must apply fixes via '
                                      'NFVIS upgrade process, Cisco Host '
                                      'Upgrade Utility (HUU), or out-of-band '
                                      'update procedures.'},
 'title': 'Critical Cisco IMC Authentication Bypass Flaw Grants Full Admin '
          'Access (CVE-2026-20093)',
 'type': 'Authentication Bypass',
 'vulnerability_exploited': 'CVE-2026-20093'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.