Description
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Published: 2026-04-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A command-injection flaw in the web-based management interface of Cisco Integrated Management Controller (IMC) permits an authenticated attacker with administrative privileges to inject crafted commands that run with root privileges on the underlying operating system. The flaw stems from inadequate input validation and is classified as command injection (CWE-77). Successful exploitation gives the attacker full control over the host, compromising confidentiality, integrity, and availability of the impacted system. Cisco rates the security impact high because of the root-level execution and potential downstream attacks.

Affected Systems

Vendors and products affected include Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco Unified Computing System E‑Series Software (UCSE). Specific version numbers were not disclosed in the advisory. Administrators should verify whether their installations correspond to these product lines.

Risk and Exploitability

The CVSS base score reported is 6.5, which falls in the Medium severity band, while the exploitation probability score is not provided and the vulnerability is not listed in the CISA KEV catalog. The exploitation path requires network access to the web interface and authenticated administrative credentials. Though no publicly disclosed exploit is known at this time, the combination of root privilege escalation and command injection represents a significant risk. Prompt remediation is recommended to mitigate the potential impact of this vulnerability.

Generated by OpenCVE AI on April 2, 2026 at 02:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Integrated Management Controller firmware or software update that addresses the command injection flaw.
  • If an update is not yet available, restrict access to the web‑based management interface to trusted networks or IP ranges and enforce strict multi‑factor authentication for administrative accounts.
  • Monitor system logs for anomalous command execution or privilege escalation activity.
  • Disable the web interface temporarily if the functionality is not required for day‑to‑day operations.
  • Keep all Cisco infrastructure components up to date and regularly review Cisco security advisories.


Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Values added (none removed):

First Time appeared: Cisco; Cisco enterprise Nfv Infrastructure Software; Cisco unified Computing System; Cisco unified Computing System Software
Vendors & Products: Cisco; Cisco enterprise Nfv Infrastructure Software; Cisco unified Computing System; Cisco unified Computing System Software

Wed, 01 Apr 2026 23:45:00 +0000

Values added (none removed):

Description: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
Title: Cisco Integrated Management Controller Command Injection Vulnerability
Weaknesses: CWE-77
References:
Metrics:

cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}

ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-04-22T19:09:33.637Z

Reserved: 2025-10-08T11:59:15.369Z

Link: CVE-2026-20096

Vulnrichment

Updated: 2026-04-01T18:18:41.004Z

NVD

Status: Awaiting Analysis

Published: 2026-04-01T17:28:30.203

Modified: 2026-04-03T16:11:11.357

Link: CVE-2026-20096

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T08:58:30Z
