CVE-2026-20093

Medienbericht

EPSS 0.04%
Veröffentlicht 01.04.2026 16:28:38
Zuletzt bearbeitet 03.04.2026 16:11:11
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.

This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

CNA 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Enterprise NFV Infrastructure Software

Default Statusunknown

Version 4.1.1

Status affected

Version 3.9.1

Status affected

Version 3.5.2

Status affected

Version 3.12.2

Status affected

Version 3.6.2

Status affected

Version 3.9.2

Status affected

Version 3.11.3

Status affected

Version 3.11.1

Status affected

Version 3.5.1

Status affected

Version 3.3.1

Status affected

Version 3.10.2

Status affected

Version 3.12.1b

Status affected

Version 3.4.1

Status affected

Version 3.12.1a

Status affected

Version 3.6.3

Status affected

Version 3.8.1

Status affected

Version 3.11.2

Status affected

Version 3.12.1

Status affected

Version 3.12.3

Status affected

Version 3.10.1

Status affected

Version 3.6.1

Status affected

Version 3.10.3

Status affected

Version 3.7.1

Status affected

Version 4.1.2

Status affected

Version 4.2.1

Status affected

Version 4.2.2

Status affected

Version 4.4.1

Status affected

Version 4.4.2

Status affected

Version 4.5.1

Status affected

Version 4.4.3

Status affected

Version 4.6.1

Status affected

Version 4.7.1

Status affected

Version 4.6.2-FC2

Status affected

Version 4.6.2-FC3

Status affected

Version 4.6.2

Status affected

Version 4.8.1

Status affected

Version 4.8.2

Status affected

Version 4.9.1

Status affected

Version 4.6.3

Status affected

Version 4.9.2-FC5

Status affected

Version 4.9.2

Status affected

Version 4.10.1

Status affected

Version 4.9.3

Status affected

Version 4.11.1

Status affected

Version 4.9.4

Status affected

Version 4.12.1

Status affected

Version 4.6.4

Status affected

Version 4.12.2

Status affected

Version 4.13.1

Status affected

Version 4.9.4-ES8

Status affected

Version 4.9.5

Status affected

Version 4.12.3

Status affected

Version 4.6.5-ES1

Status affected

Version 4.9.4-ES9

Status affected

Version 4.14.1

Status affected

Version 4.6.3-FC4

Status affected

Version 4.9.4-FC3

Status affected

Version 4.12.4

Status affected

Version 4.15.1

Status affected

Version 4.9.6

Status affected

Version 4.16.1

Status affected

Version 4.15.2

Status affected

Version 4.12.5

Status affected

Version 4.15.3

Status affected

Version 4.15.4

Status affected

Version 4.18.1

Status affected

Version 4.12.6

Status affected

Version 4.18.2

Status affected

Version 4.18.2a

Status affected

HerstellerCisco

≫

Produkt Cisco Unified Computing System (Standalone)

Default Statusunknown

Version 4.0(2g)

Status affected

Version 3.1(2i)

Status affected

Version 3.1(1d)

Status affected

Version 4.0(4i)

Status affected

Version 4.1(1c)

Status affected

Version 4.0(2c)

Status affected

Version 4.0(1e)

Status affected

Version 4.0(2h)

Status affected

Version 4.0(4h)

Status affected

Version 4.0(1h)

Status affected

Version 4.0(2l)

Status affected

Version 3.1(3g)

Status affected

Version 4.0(1.240)

Status affected

Version 4.0(2f)

Status affected

Version 4.0(1g)

Status affected

Version 4.0(2i)

Status affected

Version 3.1(3i)

Status affected

Version 4.0(4d)

Status affected

Version 4.1(1d)

Status affected

Version 3.1(3c)

Status affected

Version 4.0(4k)

Status affected

Version 3.1(2d)

Status affected

Version 3.1(3a)

Status affected

Version 3.1(3j)

Status affected

Version 4.0(2d)

Status affected

Version 4.1(1f)

Status affected

Version 4.0(1c)

Status affected

Version 4.0(4f)

Status affected

Version 4.0(4c)

Status affected

Version 3.1(3d)

Status affected

Version 3.1(2g)

Status affected

Version 3.1(2c)

Status affected

Version 4.0(1d)

Status affected

Version 3.1(2e)

Status affected

Version 4.0(1a)

Status affected

Version 4.0(1b)

Status affected

Version 3.1(3b)

Status affected

Version 4.0(4b)

Status affected

Version 3.1(2b)

Status affected

Version 4.0(4e)

Status affected

Version 3.1(3h)

Status affected

Version 4.0(4l)

Status affected

Version 4.1(1g)

Status affected

Version 4.1(2a)

Status affected

Version 4.0(2n)

Status affected

Version 4.1(1h)

Status affected

Version 3.1(3k)

Status affected

Version 4.1(2b)

Status affected

Version 4.0(2o)

Status affected

Version 4.0(4m)

Status affected

Version 4.1(2d)

Status affected

Version 4.1(3b)

Status affected

Version 4.0(2p)

Status affected

Version 4.1(2e)

Status affected

Version 4.1(2f)

Status affected

Version 4.0(4n)

Status affected

Version 4.0(2q)

Status affected

Version 4.1(3c)

Status affected

Version 4.0(2r)

Status affected

Version 4.1(3d)

Status affected

Version 4.1(2g)

Status affected

Version 4.1(2h)

Status affected

Version 4.1(3f)

Status affected

Version 4.1(2j)

Status affected

Version 4.1(2k)

Status affected

Version 4.1(3h)

Status affected

Version 4.2(2a)

Status affected

Version 4.1(3i)

Status affected

Version 4.2(2f)

Status affected

Version 4.2(2g)

Status affected

Version 4.2(3b)

Status affected

Version 4.1(3l)

Status affected

Version 4.2(3d)

Status affected

Version 4.3(1.230097)

Status affected

Version 4.2(1e)

Status affected

Version 4.2(1b)

Status affected

Version 4.2(1j)

Status affected

Version 4.2(1i)

Status affected

Version 4.2(1f)

Status affected

Version 4.2(1a)

Status affected

Version 4.2(1c)

Status affected

Version 4.2(1g)

Status affected

Version 4.3(1.230124)

Status affected

Version 4.1(2l)

Status affected

Version 4.2(3e)

Status affected

Version 4.3(1.230138)

Status affected

Version 4.2(3g)

Status affected

Version 4.3(2.230207)

Status affected

Version 4.2(3h)

Status affected

Version 4.2(3i)

Status affected

Version 4.3(2.230270)

Status affected

Version 4.1(3m)

Status affected

Version 4.1(2m)

Status affected

Version 4.3(2.240002)

Status affected

Version 4.3(3.240022)

Status affected

Version 4.2(3j)

Status affected

Version 4.1(3n)

Status affected

Version 4.3(2.240009)

Status affected

Version 4.3(3.240043)

Status affected

Version 4.3(4.240142)

Status affected

Version 4.3(2.240037)

Status affected

Version 4.3(2.240053)

Status affected

Version 4.3(4.240152)

Status affected

Version 4.2(3l)

Status affected

Version 4.3(2.240077)

Status affected

Version 4.3(4.242028)

Status affected

Version 4.3(4.241063)

Status affected

Version 4.3(4.242038)

Status affected

Version 4.2(3m)

Status affected

Version 4.3(2.240090)

Status affected

Version 4.3(5.240021)

Status affected

Version 4.3(2.240107)

Status affected

Version 4.3(4.242066)

Status affected

Version 4.2(3n)

Status affected

Version 4.3(5.250001)

Status affected

Version 4.2(3o)

Status affected

Version 4.3(2.250016)

Status affected

Version 4.3(2.250021)

Status affected

Version 4.3(5.250030)

Status affected

Version 4.3(2.250022)

Status affected

Version 4.3(6.250040)

Status affected

Version 4.3(5.250033)

Status affected

Version 4.3(6.250044)

Status affected

Version 4.3(6.250053)

Status affected

Version 4.3(2.250037)

Status affected

Version 4.3(2.250045)

Status affected

Version 4.3(4.252001)

Status affected

Version 4.3(4.252002)

Status affected

Version 6.0(1.250127)

Status affected

Version 4.2(3p)

Status affected

Version 6.0(1.250131)

Status affected

Version 4.3(6.250101)

Status affected

Version 4.3(6.250117)

Status affected

Version 4.3(5.250043)

Status affected

Version 4.3(6.250039)

Status affected

Version 4.3(5.250045)

Status affected

Version 4.3(6.250060)

Status affected

Version 6.0(1.250130)

Status affected

Version 4.3(4.241014)

Status affected

Version 4.3(2.250063)

Status affected

Version 4.3(6.260003)

Status affected

HerstellerCisco

≫

Produkt Cisco Unified Computing System E-Series Software (UCSE)

Default Statusunknown

Version 3.2.7

Status affected

Version 3.2.6

Status affected

Version 3.2.4

Status affected

Version 3.2.10

Status affected

Version 3.2.2

Status affected

Version 3.2.3

Status affected

Version 2.4.0

Status affected

Version 3.2.1

Status affected

Version 3.2.11.1

Status affected

Version 3.2.8

Status affected

Version 3.1.1

Status affected

Version 3.0.2

Status affected

Version 2.1.0

Status affected

Version 2.2.2

Status affected

Version 3.1.2

Status affected

Version 3.0.1

Status affected

Version 2.3.2

Status affected

Version 2.3.5

Status affected

Version 2.2.1

Status affected

Version 3.1.4

Status affected

Version 2.4.1

Status affected

Version 2.3.1

Status affected

Version 3.1.3

Status affected

Version 2.3.3

Status affected

Version 2.4.2

Status affected

Version 3.1.5

Status affected

Version 3.1.0

Status affected

Version 2.0.0

Status affected

Version 3.2.11.3

Status affected

Version 3.2.11.5

Status affected

Version 3.2.12.2

Status affected

Version 3.2.13.6

Status affected

Version 3.2.14

Status affected

Version 4.11.1

Status affected

Version 3.2.15

Status affected

Version 4.12.1

Status affected

Version 3.2.15.3

Status affected

Version 4.12.2

Status affected

Version 3.2.16.1

Status affected

Version 4.00

Status affected

Version 4.15.2

Status affected

Version 4.02

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://thehackernews.com/2026/04/weekly-recap-axios-hack-chrome-0-day.html

Media Report

https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html

Media Report

https://www.bleepingcomputer.com/news/security/critical-cisco-imc-auth-bypass-gives-attackers-admin-access/

Media Report

https://www.heise.de/news/Cisco-stopft-teils-kritische-Luecken-in-mehreren-Produkten-11244121.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn

https://nvd.nist.gov/vuln/detail/CVE-2026-20093

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20093

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20093

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20093