Critical Cisco IMC auth bypass gives attackers Admin access

By Sergiu Gatlan
Publication Date: 2026-04-02 11:01:00

Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access.

Also known as CIMC, Cisco IMC is a hardware module embedded on the motherboard of Cisco servers. It provides out-of-band management for UCS C-Series and E-Series servers, even if the operating system is powered off or has crashed, through multiple interfaces, including XML API, web (WebUI), and command-line (CLI).

Tracked as CVE-2026-20093, the vulnerability was found in the Cisco IMC password change functionality and can be remotely exploited by unauthenticated attackers to bypass authentication and access unpatched systems with Admin privileges.

“This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” Cisco explained on…